Deeplinkshttps://www.eff.org/es/rss/updates.xml/national-security-letters
EFF's Deeplinks Blog: Noteworthy news from around the internetesTwilio Demonstrates Why Courts Should Review Every National Security Letterhttps://www.eff.org/es/deeplinks/2018/02/twilio-demonstrates-why-courts-should-review-every-national-security-letter
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The list of companies who exercise their right to ask for judicial review when handed national security letter gag orders from the FBI is growing. Last week, the communications platform Twilio posted two NSLs after the FBI backed down from its gag orders. As Twilio’s accompanying <a href="https://www.twilio.com/blog/2018/02/developers-guide-to-nsl.html">blog post</a> documents, the FBI simply couldn’t or didn’t want to justify its nondisclosure requirements in court. This might be the starkest public example yet of why courts should be involved in reviewing NSL gag orders in all cases.</p>
<p><a href="https://www.eff.org/issues/national-security-letters">National security letters</a> are a kind of subpoena that give the FBI the power to require telecommunications and Internet providers to hand over private customer records—including names, addresses, and financial records. The FBI nearly always accompanies these requests with a blanket gag order, shutting up the providers and keeping the practice in the shadows, away from public knowledge or criticism.</p>
<p>Although NSLs gag orders severely restrict the providers’ ability to talk about their involvement in government surveillance, the FBI can issue them without court oversight. Under the First Amendment, “prior restraints” like these gag orders are almost never allowed, which is why EFF and our clients CREDO Mobile and Cloudflare have for years been suing to have the NSL statute declared unconstitutional. In response to our suit, <a href="https://www.eff.org/deeplinks/2015/05/usa-freedom-act-passes-what-we-celebrate-what-we-mourn-and-where-we-go-here">Congress included in the 2015 USA FREEDOM Act</a> a process to allow providers to push back against those gag orders.</p>
<p>The new process (referred to as “reciprocal notice”) gives technology companies a right to request judicial review of the gag orders accompanying NSLs. When a company invokes the reciprocal notice process, the government is required to bring the gag order before a judge within 30 days. The judge then reviews the gag order and either approves, modifies, or invalidates it. The company can appear in that proceeding to argue its case, but is not required to do so.</p>
<p>Under the law, reciprocal notice is just an option. It’s no substitute for the full range of First Amendment protections against improper prior restraints, let alone mandatory judicial review of NSL gags in all cases. Nevertheless, <a href="https://www.eff.org/deeplinks/2017/07/requiring-judicial-review-every-gag-order-simple-way-have-our-backs-apple-does">EFF encourages all providers to invoke reciprocal notice</a> because it’s the best mechanism available to Internet companies to voice their objections to NSLs. In our 2017 Who Has Your Back report, we awarded gold stars to companies that promised to tell the FBI to go to court for all NSLs, including giants like Apple and Dropbox.</p>
<p>Twilio is the latest company to follow this best practice. It received the two national security letters in May 2017, both of which included nondisclosure requirements preventing Twilio from notifying its users about the government request. And both times, Twilio successfully invoked reciprocal notice, leading to FBI to give permission to publish the letters. This might seem surprising, given that in order to issue a gag, the FBI is <a href="https://www.law.cornell.edu/uscode/text/18/2709">supposed to certify that disclosure of the NSL risks serious harm</a> related to an investigation involving national security.</p>
<p>But rather than going to court to back up its certification, the FBI backed down. It retracted one of the NSLs entirely, so that Twilio was not forced to hand over any information at all. For the other, the FBI simply removed the gag order, allowing Twilio to inform its customer and publish the NSL.</p>
<p>This is not what the proper use of a surveillance tool looks like. Instead, it reveals a regime of censorship by attrition. The FBI imposes thousands of NSL gag orders a year, and by default, these gag orders remain in place indefinitely. Only when a company like Twilio objects, does the government have any minimal burden of showing its work. Without a legal obligation to do so in all cases, the FBI can simply hope most companies don’t speak up.</p>
<p>That’s why it’s so crucial that companies like Twilio take responsibility and invoke reciprocal notice. Better still,Twilio also published a list of best practices that companies can look to when responding to NSLs, including template language to push back on standard nondisclosure requirements. (Automattic, the company behind Wordpress, <a href="https://transparency.automattic.com/2017/07/25/shining-light-on-national-security-letters/">published a similar template</a> last year.)</p>
<p>As the company explained, “The process for receiving and responding to national security letters has become less opaque, but there’s still more room for sunlight.”</p>
<p>We couldn’t agree more. Hopefully if more companies follow the lead of Apple, Dropbox, Twilio and the others who received stars on our report, the courts and Congress will see the need for further reform of the law.</p>
</div></div></div>Wed, 07 Feb 2018 00:09:07 +000098035 at https://www.eff.orgCommentaryNational Security LettersTransparencySecurity EducationAndrew CrockerDavid RuizWhy the Ninth Circuit Got It Wrong on National Security Letters and How We’ll Keep Fightinghttps://www.eff.org/es/deeplinks/2017/07/why-ninth-circuit-got-it-wrong-national-security-letters-and-how-well-keep
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>In a disappointing opinion issued on Monday, the Ninth Circuit <a href="https://www.eff.org/document/ninth-circuit-2017-nsl-opinion">upheld</a> the national security letter (NSL) statute against a <a href="https://www.eff.org/issues/national-security-letters">First Amendment challenge</a> brought by EFF on behalf of our clients CREDO Mobile and Cloudflare. We applaud our clients’ courage as part of a years-long court battle, conducted largely under seal and in secret.</p>
<p>We strongly disagree with the opinion and are weighing how to proceed in the case. Even though this ruling is disappointing, together EFF and our clients achieved a great deal over the past six years. The lawsuit spurred Congress to amend the law, and our advocacy related to the case caused <a href="https://www.eff.org/deeplinks/2017/07/requiring-judicial-review-every-gag-order-simple-way-have-our-backs-apple-does">leading tech companies to also challenge NSLs</a>. Along the way, the government went from fighting to keep every single NSL gag order in place to the point where <a href="https://www.eff.org/deeplinks/2016/12/chipping-away-national-security-letters-2016-review">many have been lifted</a>, some in whole and many in part. That includes this case, of course, where we can now proudly tell the <a href="https://www.eff.org/deeplinks/2017/01/finally-revealed-cloudflare-has-been-fighting-nsls-years">names</a> <a href="https://www.eff.org/press/releases/credo-confirms-its-center-long-running-NSL-fight">of our clients to the world</a>. </p>
<p>No matter what happens with these particular lawsuits, we are not done fighting unconstitutional use of NSLs and similar laws. </p>
<h2><b>Making sense of a disappointing ruling</b></h2>
<p>National security letters are a kind of subpoena issued by the FBI to communications service providers like our clients to force them to turn over customer records. NSLs nearly always contain gag orders preventing recipients from telling anyone about these surveillance requests, all without any mandatory court oversight. As a result, the Internet and communications companies that we all trust with our most sensitive information cannot be truthful with their customers and the public about the scope of government surveillance. </p>
<p>NSL gags are perfect examples of “prior restraints,” government orders prohibiting speech rather than punishing it after the fact. The First Amendment embodies the Founders’ strong distrust of prior restraints as powerful censorship tools, and the Supreme Court has repeatedly said they are presumptively unconstitutional unless they meet the “most exacting” judicial scrutiny. Similarly, because NSLs prevent recipients from talking about the FBI’s request for customer data, they are content-based restrictions on speech, which are subject to strict scrutiny. So NSL gags ought to be put to the strictest of First Amendment tests.</p>
<p>Unfortunately, the Ninth Circuit questioned whether NSLs are prior restraints at all. And although the court did acknowledge they are separately content-based restrictions on speech, it said the law is narrowly tailored even though it plainly allows censorship that is broader in scope and longer in duration than the government actually needs. As a result, the court held the government’s interest in national security overcomes any First Amendment interests at stake.</p>
<p>The ruling is seriously flawed.</p>
<h2><b>Not-so-narrow tailoring</b> </h2>
<p>In order to find that the law satisfied strict scrutiny, the court overlooked both the overinclusiveness and indefinite duration of NSL gag orders. Narrow tailoring requires that a restriction on speech be fitted carefully to just what the government needs to protect its investigation and that no less speech-restrictive alternatives are available. </p>
<p>But NSLs are often wildly overinclusive. For example, they prevent even a company with millions of users like Cloudflare from simply saying it has received an NSL, on the theory that individual users engaged in terrorism or espionage might somehow infer from that fact alone that the government is on their trail.</p>
<p>The court admitted that a blanket gag in this scenario might well be overinclusive, but it simply deferred to the FBI’s decisionmaking. But of course, under the First Amendment, decisions about censorship aren’t supposed to be left to officials whose <a href="https://supreme.justia.com/cases/federal/us/380/51/case.html">"business is to censor.”</a> And here, we know that NSLs routinely issue to big tech companies with large numbers of users like both Cloudflare and CREDO, and only in rare circumstances does the FBI allow these companies to report on specific NSLs they’ve received.</p>
<p>Similarly, the FBI often leaves NSL gags in place indefinitely, sometimes even permanently. Indeed, the FBI has told our client CREDO that one of the NSLs in the case is now permanent, and the Bureau will not further revisit the gag it imposed to determine whether it still serves national security. Here again, the court acknowledged that at the least, narrow tailoring requires a gag “must terminate when it no longer serves” the government’s national security interests. But instead of <i>applying</i> the First Amendment’s narrow tailoring requirement, the court declined to “quibble” with the censoring agency, the FBI, and its <a href="https://www.techdirt.com/articles/20160805/05574435164/court-says-fbi-must-review-nsl-gag-orders-every-three-years-rather-than-almost-never.shtml">loophole-ridden</a> internal procedures for reviewing NSLs. Nevertheless, these procedures “do not resolve the duration issue entirely,” as the Ninth Circuit understatedly put it, since they may still produce permanent gags, as with CREDO. As a result, the court suggested that NSL recipients can repeatedly challenge permanent gags until they’re finally lifted. </p>
<h2><b>The problem of prior restraints and judicial review</b></h2>
<p>However, that points to the other fundamental problem with NSLs: they are issued without any mandatory court oversight. As discussed above, prior restraints are almost never constitutional. The Supreme Court has said that even in the rare circumstance when prior restraints can be justified, they must be approved by a neutral court, not just an executive official. But the NSL statute doesn’t require a court to be involved in all cases; instead, judicial review takes place only if NSL recipients file a lawsuit, like our clients did, or if they ask the government to go to court to review the gag using a procedure known as “reciprocal notice.” </p>
<p>The Ninth Circuit had two responses to this lack of judicial oversight.</p>
<p>First, it wrongly suggested the law of prior restraints simply does not apply here. The theory is that unlike cases involving newspapers that are prevented from publishing, NSL recipients haven’t shown a preexisting desire to speak, and when they do, they’re asking to publish information they supposedly learned from the government. But as we pointed out, that’s inconsistent with case law that says, for instance, that witnesses at grand jury proceedings—which are historically both secret and subject to court oversight—cannot be indefinitely gagged from talking about their own testimony. NSL gags go much further.</p>
<p>Second, the court suggested that even though the burden is on NSL recipients to challenge gags, this is a “de minimis” burden that doesn’t violate the First Amendment. When Congress passed the USA FREEDOM Act in 2015, it gave recipients the option of invoking reciprocal notice and asking the government to go to court rather than filing their own lawsuit. That’s simply not good enough; the First Amendment requires the <i>government </i>be the one to go to court to prove to a judge it actually requires an NSL accompanied by a gag. Not to mention that forcing companies that receive NSLs to fight them in court and defend user privacy may actually be a heavy burden. </p>
<h2><b>Big progress nonetheless</b><b> </b></h2>
<p>Despite these considerable errors in the Ninth Circuit’s opinion, we shouldn’t lose sight of progress made along the way. Nearly all of the features of the NSL statute that the court pointed to as saving graces of the law—the FBI’s internal review procedures and the option for reciprocal notice most notably—exist only because Congress stepped in <a href="https://www.eff.org/deeplinks/2015/08/justice-delayed-ninth-circuit-sends-effs-nsl-cases-back-consideration-under-usa">during our lawsuit</a> to amend the law.</p>
<p>So what’s left to providers that receive NSLs? Push back on the gags early and often. The “reciprocal notice” process, which the government says only requires a short letter or a phone call, should be done as a matter of course for any company receiving an NSL. And since the Ninth Circuit said that courts retain the ability to re-evaluate the gags as long as they remain in place, gagged providers should ask a court to step in and make sure the FBI can still prove the need for the gag—potentially over and over—until the gag is finally lifted. EFF wants to help with this, and we’re happy to consult with anyone subject to an NSL gag.</p>
<p>We’ve also encouraged technology companies to make the best of the <a href="https://www.eff.org/who-has-your-back-2017#nsl-gag-orders">reciprocal notice procedure as part of our annual <i>Who Has Your Back?</i> report</a>. If the government continues to argue that recipients don’t necessarily “want to speak” about NSLs, we can now point to the growing trend of major tech companies—Apple, Adobe, and Dropbox, among others—<a href="https://www.eff.org/deeplinks/2017/07/requiring-judicial-review-every-gag-order-simple-way-have-our-backs-apple-does">that have committed to invoking reciprocal notice and challenging every NSL they receive.</a> </p>
<p>Finally, we’ve seen other courts question gag orders in related contexts, and we’ve <a href="https://www.eff.org/deeplinks/2017/07/eff-access-now-cdt-and-oti-fight-back-against-secret-search-warrants">supported companies like Facebook and Microsoft</a> in these fights. We’re confident that in the long run, these prior restraints will be roundly rejected yet again.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/issues/foia/07656JDB">National Security Letters (NSLs)</a></div><div class="field__item odd"><a href="/es/cases/re-matter-2011-national-security-letter">In re: National Security Letter 2011 (11-2173)</a></div><div class="field__item even"><a href="/es/cases/re-national-security-letter-2013-13-80089">In re National Security Letter 2013 (13-80089)</a></div><div class="field__item odd"><a href="/es/cases/re-national-security-letter-2013-13-1165">In re National Security Letter 2013 (13-1165)</a></div></div></div>Tue, 18 Jul 2017 22:10:32 +000096591 at https://www.eff.orgLegal AnalysisTransparencyNational Security LettersAndrew CrockerRequiring Judicial Review for Every Gag Order Is a Simple Way to Have Our Backs: Apple Does but Google and Facebook Fall Shorthttps://www.eff.org/es/deeplinks/2017/07/requiring-judicial-review-every-gag-order-simple-way-have-our-backs-apple-does
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="normal">As a civil liberties organization, it’s our job to evaluate how tech companies handle our most private data and to encourage them to do better year over year. Our <a href="https://www.eff.org/who-has-your-back-2017">Who Has Your Back report</a> is designed to do both, which is one reason we revisit the report’s criteria every year—always striving to raise the bar.</p>
<p class="normal">In this post, we’ll highlight one of the new stars that does just that: “<a href="https://www.eff.org/who-has-your-back-2017#nsl-gag-orders">Stands up to NSL gag orders</a>.” To earn a star in this category, companies must publicly commit to invoking a new statutory procedure to have a judge review every indefinite National Security Letter (NSL) gag order the company receives.<a class="see-footnote" id="footnoteref1_cs7azeu" title="We have awarded this star to 12 companies on our report: Adobe, Airbnb, Apple, CREDO, Dropbox, Lyft, Pinterest, Slack, Sonic, Uber, Wickr, and Wordpress. 14 companies failed to earn the star: Amazon, AT&amp;T, Comcast, Facebook, Google, LinkedIn, Microsoft, Snap, T-Mobile, Tumblr, Twitter, Verizon, WhatsApp, and Yahoo." href="#footnote1_cs7azeu">1</a></p>
<p class="normal">The NSL as we know it today was created by the USA PATRIOT Act’s Section 505. These letters, served on communications service providers like phone companies and ISPs, allow the FBI to secretly demand data about anyone’s private communications and Internet activity without any meaningful oversight or prior judicial review. Recipients of NSLs are subject to a gag order that forbids them from ever revealing the letters' existence to their coworkers, their friends, or even their family members, much less the public.</p>
<p class="normal">Since 2011, <a href="https://www.eff.org/cases/re-matter-2011-national-security-letter">EFF has been fighting the NSL statute in court</a> on behalf of CREDO Mobile and Cloudflare. Our lawsuit argues that the gag orders attached to nearly every NSL—which the FBI is permitted to apply without any court involvement whatsoever—are unconstitutional prior restraints. In response to our suit, <a href="https://www.eff.org/deeplinks/2015/05/usa-freedom-act-passes-what-we-celebrate-what-we-mourn-and-where-we-go-here">Congress included in the 2015 USA FREEDOM Act</a>, a process to allow providers to push back against those gag orders.</p>
<p class="normal">The new process gives technology companies a right to request judicial review of the gag orders accompanying NSLs (referred to as “reciprocal notice”). When a company invokes the reciprocal notice process, the government is required to bring the gag order before a judge within 30 days. The judge then reviews the gag order and either approves, modifies, or invalidates it. The company is permitted to appear in that proceeding and argue, but is not required to do so.</p>
<p class="normal">To be entirely clear, we don’t think reciprocal notice fixes the serious constitutional problems with NSLs. The First Amendment requires that when the government wants to impose a gag order, it must bear the complete burden of going to court and proving the gag is truly necessary. The government has attempted to avoid this requirement by making court review optional. Reciprocal notice doesn’t fix the constitutional problem with NSLs—it still requires the NSL recipient to stand up to the government and start the process. </p>
<p class="normal">The right thing for a company that receives an NSL with a gag order to do is to invoke the reciprocal notice procedure (flawed though it is) and make the government put the gag order before a judge. One of the primary arguments the government has made in EFF’s NSL lawsuit is that companies haven’t spoken out about NSLs and thus don’t care about being gagged. That’s simply <a href="https://www.eff.org/deeplinks/2016/12/chipping-away-national-security-letters-2016-review">false</a>, but unless companies continue to challenge these gag orders as often as possible, the government may get away with its specious argument.</p>
<p class="normal">To earn a star for this category, therefore, we ask companies to commit to invoking the new reciprocal notice procedure for every NSL they receive. We are <b>not</b> asking companies to file lawsuits in opposition to NSLs the way our clients did. We are only asking them to invoke the reciprocal notice provision in 18 U.S.C. § 3511(b)(1)(A). The statute explicitly envisions this role for the NSL recipient, and the Department of Justice has taken the position that this can be set in motion by a letter or phone call. Furthermore, reciprocal notice does not require an objection to the underlying information request contained in an NSL.</p>
<p class="normal">While this step won’t bring NSLs in line with the Constitution, the reciprocal notice process does at least provide a path toward transparency. But that path doesn’t mean much if the provider won’t walk it. While a handful of Silicon Valley giants including Apple, Dropbox, Pinterest, and Uber all committed to invoking reciprocal notice for every NSL, we’re disappointed that others, such as Google and Facebook choose only to confront NSL gag orders on a case-by-case basis. The NSL system is broken and companies should invoke reciprocal notice systematically.</p>
<p class="normal">Given that companies have every right to take this step to stand with their users, we’re sorry we couldn’t award more stars in this category. All of Silicon Valley should follow Apple’s lead, and demand that a judge sign off on every single gag order they receive.</p>
<ul class="footnotes"><li class="footnote" id="footnote1_cs7azeu"><a class="footnote-label" href="#footnoteref1_cs7azeu">1.</a> We have awarded this star to 12 companies on our report: Adobe, Airbnb, Apple, CREDO, Dropbox, Lyft, Pinterest, Slack, Sonic, Uber, Wickr, and Wordpress. 14 companies failed to earn the star: Amazon, AT&amp;T, Comcast, Facebook, Google, LinkedIn, Microsoft, Snap, T-Mobile, Tumblr, Twitter, Verizon, WhatsApp, and Yahoo.</li>
</ul></div></div></div>Mon, 10 Jul 2017 19:02:02 +000096508 at https://www.eff.orgCommentaryPrivacyNational Security LettersNate CardozoAT&T, Verizon, Other Telco Providers Lag Behind Tech Industry in Protecting Users from Government Overreach, EFF Annual Survey Showshttps://www.eff.org/es/press/releases/att-verizon-other-telco-providers-lag-behind-tech-industry-protecting-users
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Amazon Fails To Follow, Much Less Lead in Privacy Best Practices, Facebook, Google, and Microsoft Fail to Promise They Will Stand Up to FBI Gag Orders</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="MsoNormal">San Francisco, California—While many technology companies continue to step up their privacy game by adopting best practices to protect sensitive customer information when the government demands user data, telecommunications companies are failing to prioritize user privacy when the government comes knocking, an EFF annual survey shows. Even tech giants such as Apple, Facebook, and Google can do more to fully stand behind their users.</p>
<p class="MsoNormal"></p>
<p class="MsoNormal">EFF’s seventh annual <i><a href="https://www.eff.org/who-has-your-back-2017">“Who Has Your Back”</a></i> report, released today, digs into the ways many technology companies are getting the message about user privacy in this era of unprecedented digital surveillance. The data stored on our mobile phones, laptops, and especially our online services can, when aggregated, paint a detailed picture of our lives—where we go, who we see, what we say, our political affiliations, our religion, and more.</p>
<p class="MsoNormal"></p>
<p class="MsoNormal">“This information is a magnet for governments seeking to surveil citizens, journalists, and activists. When governments do so, they need to follow the law, and users are increasingly demanding that companies holding their data enact the toughest policies to protect customer information,” said EFF Activism Director Rainey Reitman.</p>
<p class="MsoNormal"></p>
<p class="MsoNormal">EFF evaluated the public policies at 26 companies and awarded stars in five categories. This year EFF included two new categories: “promises not to sell out users,” and “stands up to NSL gag orders.” The first reflects our concern about the stated goal of several members of government to co-opt<span class="MsoCommentReference"><span> </span></span>tech companies to track people by their immigration status or religion. We awarded stars to companies that prohibit developers and third parties from capturing user data to assist governments in conducting surveillance.</p>
<p class="MsoNormal"></p>
<p class="MsoNormal">We also awarded stars to companies that exercise their right to make the government initiate judicial review of gag orders that prohibit them from publicly disclosing they have received a National Security Letter (NSL). NSLs—secret FBI demands for user information issued with no oversight from any court—permit the FBI to unilaterally gag recipients, a power EFF believes is unconstitutional. <span>Facebook, Google, and Microsoft have failed to promise to step up and exercise the right to have the government put NSL gag orders before a court.</span></p>
<p class="MsoNormal"></p>
<p class="MsoNormal">Nine companies earned stars in every category this year: Adobe, Credo, Dropbox, Lyft, Pinterest, Sonic, Uber, Wickr, and Wordpress. Each has a track record of defending user privacy against government overreach and improved on their practices to meet the more stringent standards in this year’s <i>Who Has Your Back</i>.</p>
<p class="MsoNormal"></p>
<p class="MsoNormal">Two tech companies lagged behind in the industry: Amazon and WhatsApp, both of which earned just two stars. EFF’s survey showed that while both companies have done significant work to defend user privacy—EFF especially lauds WhatsApp’s move to adopt end-to-end encryption by default for its billion users around the world—their policies still lag behind. Online retail giant Amazon has been rated <a href="http://www.businesswire.com/news/home/20170222005462/en/Amazon-Customers-1-Corporate-Reputation-Ranking-23000">number one</a> in customer service, yet it hasn’t made the public commitments to stand behind its users’ digital privacy that the rest of the industry has.</p>
<p class="MsoNormal"></p>
<p class="MsoNormal">AT&amp;T, Comcast, T-Mobile, and Verizon scored the lowest, each earning just one star. While they have adopted a number of industry best practices, like publishing transparency reports and requiring a warrant for content, they still need to commit to <span>informing users before disclosing their data to the government and creating a public policy of requesting judicial review of all NSLs.</span></p>
<p class="MsoNormal"></p>
<p class="MsoNormal"><span>“T</span>he tech industry as a whole has moved toward providing its users with more transparency, but telecommunications companies—which serve as the pipeline for communications and Internet service for millions of Americans—are failing to publicly push back against government overreach,” said EFF Senior Staff Attorney Nate Cardozo. “Both legacy telcos and the giants of Silicon Valley can and must do better. We expect companies to protect, not exploit, the data we have entrusted them with.”</p>
<p class="MsoNormal"></p>
<p class="MsoNormal">For the full report:<br /><a href="https://www.eff.org/who-has-your-back-2017">https://www.eff.org/who-has-your-back-2017</a></p>
<p class="MsoNormal">For more on <i>Who Has Your Back</i>:<br /><a href="https://www.eff.org/node/81897">https://www.eff.org/node/81897</a></p>
<p class="MsoNormal">For more on government surveillance:<br /><a href="https://www.eff.org/nsa-spying">https://www.eff.org/nsa-spying</a></p>
<p class="MsoNormal"> </p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact:&nbsp;</div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile node--promoted view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Rainey</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Reitman</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Activism Director</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:rainey@eff.org">rainey@eff.org</a></div></div></div> </div>
</div>
</div><div class="field__item odd"><div class="ds-1col node node--profile node--promoted view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Nate</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Cardozo</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Senior Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:nate@eff.org">nate@eff.org</a></div></div></div> </div>
</div>
</div></div></div>Mon, 10 Jul 2017 13:55:52 +000096499 at https://www.eff.orgKaren GulloEFF Sues DOJ For Records on Procedures for Ending NSL Gag Ordershttps://www.eff.org/es/press/releases/eff-sues-fbi-records-procedures-ending-nsl-gag-orders
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="MsoNormal"><span>San Francisco, California—The Electronic Frontier Foundation (EFF) <a href="https://www.eff.org/document/eff-v-doj-nsl-foia-complaint" target="_blank">sued</a> the Justice Department today to obtain records that can shed light on whether the FBI is complying with a Congressional mandate that it periodically review and lift National Security Letter (NSL) gag orders that are no longer needed.</span></p>
<p class="MsoNormal"><span>The FBI has issued as many as 500,000 NSLs since 2003. Despite Congress requiring the FBI in 2015 to review and terminate unwarranted gag orders, only a handful of companies and individuals have publicly disclosed receiving an NSL after being notified the FBI terminated the gag orders. </span></p>
<p class="MsoNormal"><span></span><span></span><a href="https://www.eff.org/issues/national-security-letters"><span>NSLs</span></a><span> are secret FBI demands to phone companies and Internet service providers for data about their customers’ communications and online activity. The letters are not subject to any meaningful oversight or court review and almost always come with a gag order. Companies receiving the letters are barred from telling customers their data is being sought and banned from publicly acknowledging or otherwise discussing the letters, potentially indefinitely.</span></p>
<p class="MsoNormal"><span>Following a </span><a href="https://www.eff.org/deeplinks/2013/03/depth-judge-illstons-remarkable-order-striking-down-nsl-statute"><span>ruling</span></a><span> in EFF’s lawsuit that NSL gags are unconstitutional, Congress enacted reforms in 2015 that require the bureau to review NSLs to determine whether the gag orders are still necessary, and terminate those that are not. The FBI established procedures under which a record keeping system generates reminders—when an NSL investigation closes or reaches the three-year anniversary of its initiation—that the gag order should be reviewed for possible termination.</span></p>
<p class="MsoNormal"><span>EFF sent a FOIA request to the FBI in September seeking records about the number of NSLs reviewed under these procedures, the number of reminders generated, the number of termination notices sent to NSL recipients, and how long it takes for a review to begin after a reminder is generated. In March the FBI said it had no such records. In a complaint filed today in San Francisco, EFF asked a court to order the FBI to disclose the requested records.<br /></span></p>
<p class="MsoNormal"><span>“Unilateral, indefinite NSL gag orders </span><a href="https://www.eff.org/press/releases/hearing-wednesday-national-security-letters-violate-first-amendment"><span>violate</span></a><span> the First Amendment rights of individuals and companies to speak out about government surveillance and inform customers about FBI demands for their data. The bureau’s procedures for lifting gag orders that are no longer needed do not fully address these constitutional concerns. Nevertheless, the public has an interest in knowing whether these procedures are being followed, and our FOIA request seeks to shed light on if the FBI is doing so,” said Andrew Crocker, EFF Staff Attorney.</span></p>
<p class="MsoNormal"><span>“We would have expected the FBI to respond to our FOIA request with records about the gag orders that we know have been lifted. The FBI’s response that it has no such records raises serious questions about whether the bureau is following Congress’ command to review NSL gag orders,” said Aaron Mackey, EFF Frank Stanton Legal Fellow. “Gagging NSL recipients indefinitely is a draconian and overzealous use of surveillance power that prevents discussion and debate about government spying tools.”</span></p>
<p class="MsoNormal"><span>For the complaint:<br /><a href="https://www.eff.org/document/eff-v-doj-nsl-foia-complaint" target="_blank">https://www.eff.org/document/eff-v-doj-nsl-foia-complaint</a><br /></span></p>
<p class="MsoNormal"><span>For more about NSLs:<br /></span><span> <a href="https://www.eff.org/issues/national-security-letters" target="_blank">https://www.eff.org/issues/national-security-letters</a></span></p>
</div></div></div><div class="field field--name-field-tags field--type-taxonomy-term-reference field--label-above"><div class="field__label">Tags:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/tags/national-security-letters">National Security Letters</a></div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact:&nbsp;</div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Andrew</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Crocker</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:andrew@eff.org">andrew@eff.org</a></div></div></div> </div>
</div>
</div><div class="field__item odd"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Aaron</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Mackey</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:amackey@eff.org">amackey@eff.org</a></div></div></div> </div>
</div>
</div></div></div>Wed, 07 Jun 2017 17:26:27 +000096175 at https://www.eff.orgKaren GulloAdobe Puts an End to Indefinite Gag Orderhttps://www.eff.org/es/deeplinks/2017/04/adobe-puts-end-indefinite-gag-order
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>In a newly unsealed <a href="https://www.cacd.uscourts.gov/sites/default/files/documents/16mj2316-1.pdf">case</a> [.pdf], a Los Angeles federal court ruled that Adobe could not be indefinitely gagged about a search warrant ordering it to turn over the contents of a customer account.</p>
<p>This is important work by Adobe. Gag orders almost always violate the First Amendment; they prevent service providers from notifying users that the government is requesting their sensitive data and from being transparent about surveillance in general. And yet, providers receive indefinite gags with frustrating frequency. In most contexts, the government must do little to justify these gags and instead relies on rote invocations of national security and the sanctity of investigations.</p>
<p>The Adobe gag was issued under 18 U.S.C. § 2705(b), the same law Microsoft is <a href="https://www.eff.org/cases/microsoft-v-department-justice">challenging</a> as facially unconstitutional because it allows for indefinite gags.<a class="see-footnote" id="footnoteref1_e1p6so2" title="Section 2705(b) allows a court to issue a gag “for such period as the court deems appropriate.” There’s an interesting split of opinion on whether that language allows for indefinite gag, or whether the word “period” implies a finite limit. The court in Adobe’s case determined that periods can in fact be indefinite, which led to its First Amendment ruling. " href="#footnote1_e1p6so2">1</a> These arguments are also at the heart of EFF’s long-running <a href="https://www.eff.org/issues/national-security-letters">national security letter</a> (NSL) lawsuit, which <a href="https://www.eff.org/press/releases/hearing-wednesday-national-security-letters-violate-first-amendment">was argued</a> in the Ninth Circuit Court of Appeals last month.</p>
<p>Thankfully, the court in Adobe’s case recognized the serious harm to free speech these gags represent. It held that orders barring companies from notifying their users about government data requests are both prior restraints and content-based restrictions on speech subject to strict scrutiny. That’s a very high bar. The court found that the indefinite gag order imposed on Adobe fails strict scrutiny because the government could make “no showing[] that Adobe’s speech will threaten the investigation in perpetuity.”</p>
<p>The government’s attempts to save the Adobe gag order were nearly identical to arguments it made in our NSL litigation. It claimed gags don’t even implicate Adobe’s First Amendment rights because the company only wants to speak about information learned from the government, and that an indefinite gag was OK because Adobe could simply come to court when the need for a gag had passed. But on point after point, the court rejected these arguments. The First Amendment requires gag orders to be narrowly tailored, and Section 2705(b) orders and NSL gags come nowhere close to meeting that standard. As the court put it, “the fact that the speaker cannot know when the restriction's <i>‘raison d'etre </i>fades’ effectively equates to no tailoring at all.”</p>
<p>While the appeals court in our NSL case doesn’t have to follow this court’s lead, we think any First Amendment arguments that can be deployed against 2705(b) orders are doubly effective for NSLs. That’s because the FBI can issue indefinite NSL gags without even going before a court, as Section 2705(b) requires.</p>
<p>Adobe’s fight should demolish another of the government’s arguments in our NSL case: that providers don’t want to speak out about gags. Adobe <a href="https://www.adobe.com/legal/lawenforcementrequests/law-enforcement.html">promises</a> to notify its customers about government data requests in all cases unless “legally prohibited from doing so.” And it goes one step further, stating upfront that indefinite gags “are not constitutionally valid and we challenge them in court.” Following through on this promise gives lie to the unsupportable claim that providers don’t care to speak out on these issues.</p>
<p>Here’s hoping the days of indefinite gag orders are numbered.</p>
<div></div>
<ul class="footnotes"><li class="footnote" id="footnote1_e1p6so2"><a class="footnote-label" href="#footnoteref1_e1p6so2">1.</a> Section 2705(b) allows a court to issue a gag “for such period as the court deems appropriate.” There’s an interesting split of opinion on whether that language allows for indefinite gag, or whether the word “period” implies a finite limit. The court in Adobe’s case determined that periods can in fact be indefinite, which led to its First Amendment ruling. </li>
</ul></div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/cases/microsoft-v-department-justice">Microsoft v. Department of Justice</a></div><div class="field__item odd"><a href="/es/cases/re-matter-2011-national-security-letter">In re: National Security Letter 2011 (11-2173)</a></div><div class="field__item even"><a href="/es/cases/re-national-security-letter-2013-13-80089">In re National Security Letter 2013 (13-80089)</a></div><div class="field__item odd"><a href="/es/cases/re-national-security-letter-2013-13-1165">In re National Security Letter 2013 (13-1165)</a></div></div></div>Mon, 24 Apr 2017 17:36:45 +000095719 at https://www.eff.orgLaw Enforcement AccessNational Security LettersAndrew CrockerHearing Wednesday: National Security Letters Violate the First Amendmenthttps://www.eff.org/es/press/releases/hearing-wednesday-national-security-letters-violate-first-amendment
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">EFF to Argue NSL Gag Orders Are Unconstitutional in San Francisco Appeals Court</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="MsoNormal"></p>
<p>San Francisco – The Electronic Frontier Foundation (EFF) will urge an appeals court Wednesday to find that the FBI violates the First Amendment when it unilaterally gags recipients of national security letters (NSLs), and the law should therefore be found unconstitutional. The hearing is set for Wednesday, March 22, at 1:30pm in San Francisco.</p>
<p>EFF represents two communications service providers—CREDO Mobile and Cloudflare—that were restrained for years from speaking about the NSLs they received, including even acknowledging that they had received any NSLs. Early Monday, just days before the hearing, the FBI <a href="https://www.eff.org/document/notice-regarding-public-identification-nsl-recipients">finally conceded</a> that EFF could reveal that these two companies were fighting a total of five NSLs.</p>
<p>CREDO and Cloudflare have fought for years to publicly disclose their roles in battling NSL gag orders. Both companies won the ability to talk about some of the NSLs they had received several months ago, but Monday’s decision by the FBI allows them to acknowledge all the NSLs at issue in this case.</p>
<p>On Wednesday, EFF Staff Attorney Andrew Crocker will tell the United States Court of Appeals for the Ninth Circuit that these gags are unconstitutional restrictions on CREDO and Cloudflare’s free speech and that the FBI’s belated decision to lift some of the gags only underscores why judicial oversight is needed in every case. The gag orders barred these companies from participating in discussion and debate about government use of NSLs—even as Congress was debating changes to the NSL statute in 2015.</p>
<p>What:<br />
In re National Security Letters</p>
<p>Who:<br />
EFF Staff Attorney Andrew Crocker</p>
<p>Date:<br />
March 22<br />
1:30 pm</p>
<p>Where:<br />
Courtroom 3, 3rd Floor Room 307<br />
U.S. Court of Appeals for the Ninth Circuit<br />
James R. Browning U.S. Courthouse<br />
95 Seventh Street<br />
San Francisco, CA 94103</p>
<p>For the FBI notice allowing the companies to identify themselves:<br /><a href="https://www.eff.org/document/notice-regarding-public-identification-nsl-recipients">https://www.eff.org/document/notice-regarding-public-identification-nsl-recipients</a></p>
<p>For more on this case:<br /><a href="https://www.eff.org/issues/national-security-letters">https://www.eff.org/issues/national-security-letters</a></p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact:&nbsp;</div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Andrew</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Crocker</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:andrew@eff.org">andrew@eff.org</a></div></div></div> </div>
</div>
</div></div></div>Mon, 20 Mar 2017 16:52:39 +000095326 at https://www.eff.orgRebecca JeschkeRemember Dr. King—and What He Enduredhttps://www.eff.org/es/deeplinks/2017/01/remember-dr-king-and-what-he-endured
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Annual celebrations of the life and work of Reverend Dr. Martin Luther King, Jr. often lionize the civil rights era, rightfully focusing on its achievements. </p>
<p class="pull-quote">For 40 years, FBI Director J. Edgar Hoover presided over a <span>reign of intimidation and terror</span> across Washington.</p>
<p>But celebrations often overlook the federal government’s attempts to “neutralize” the movement. While we remember Dr. King’s many achievements today, we also must remember the <a href="https://www.eff.org/deeplinks/2014/02/history-surveillance-and-black-community">documented and unfounded vilification</a> by U.S. intelligence agencies that he, and others in the civil rights movement, endured.</p>
<p>As our nation approaches a new administration, led by a president-elect whose rhetoric has shown <a href="https://www.eff.org/deeplinks/2016/12/trump-and-his-advisors-surveillance-encryption-cybersecurity">little respect for constitutional limits</a> on executive power and armed with an entrenched surveillance state, that experience offers <a href="https://www.eff.org/deeplinks/2016/01/ike-had-dream-and-it-unfortunately-came-true">a prescient warning</a>.</p>
<p><b>A movement in Memoriam</b></p>
<p>The emergence of the <a href="http://www.history.com/topics/black-history/civil-rights-movement">civil rights movement</a> in the 1960s, its triumph over hate to establish desegregation and secure procedural voting rights, and the narrative of interracial struggle for justice—all reflect an inspiring legacy of a grassroots movement that aspired to hold America true to our founding values. As <a href="https://www.youtube.com/watch?v=_l7cKzld5oo">Dr. King succinctly exhorted</a>, the movement called on America to "Be true to what you said on paper." </p>
<p>The movement was subjected to brutal violence, both by the <a href="https://newsone.com/1602245/top-5-assassinations-black-leaders/">assassination of its leaders</a> and by the daily <a href="http://www.civilrights.org/publications/reports/long-road/policing.html?referrer=https://www.google.com/">brutality of police and vigilantes</a> reacting to the desegregation of public institutions. Dozens of civil rights activists from various backgrounds were <a href="https://en.wikipedia.org/wiki/Category:Assassinated_American_civil_rights_activists">murdered</a> during this era, alongside hundreds—if not thousands—of African-Americans as young as 14 year-old <a href="http://www.history.com/this-day-in-history/the-death-of-emmett-till">Emmitt Till</a> and 11 year-old <a href="http://www.history.com/topics/black-history/birmingham-church-bombing">Denise McNair</a>, whose church in Alabama was bombed by extremists using violent terror to oppose racial integration.</p>
<p>The risks confronting supporters of civil rights grew so acute that the Supreme Court in 1958, in <a href="https://supreme.justia.com/cases/federal/us/357/449/case.html"><i>NAACP v. Alabama</i></a>, granted members of organizations the right to anonymity under the association clause of the First Amendment. EFF cited that decision 55 years later, when we filed <a href="https://www.eff.org/cases/first-unitarian-church-los-angeles-v-nsa"><i>First Unitarian Church of Los Angeles v. NSA</i></a> to challenge the contemporary mass surveillance regime (which we have fought in court <a href="https://www.eff.org/cases/jewel">since 2008</a>) that turned the right to anonymity on its head.</p>
<p><b>Violent state suppression of speech</b></p>
<p>Throughout Dr. King's life, and for a decade (<a href="http://cispes.org/about-cispes/history/the-hunt-for-red-menace-the-fbi-probe-of-cispes">if not longer</a>) beyond it, the FBI pursued what members of the U.S. Senate in 1976 described as "<a href="http://www.ushrnetwork.org/sites/ushrnetwork.org/files/political_prisoners_summary.pdf">a sophisticated vigilante operation</a> aimed squarely at suppressing…First Amendment rights of speech and association." Those operations, described in internal FBI files as COINTELPRO, have been forgotten by many Americans, but represent a key to understanding why the specter of mass surveillance threatens not only privacy, but <a href="https://theintercept.com/2016/04/28/new-study-shows-mass-surveillance-breeds-meekness-fear-and-self-censorship/">also democracy</a>.</p>
<p>For 40 years, FBI Director J. Edgar Hoover presided over a <a href="http://www.npr.org/2012/02/14/146862081/the-history-of-the-fbis-secret-enemies-list">reign of intimidation and terror</a> across Washington. Under his tenure, the FBI <a href="http://www.thedailybeast.com/articles/2011/08/02/fbi-director-hoover-s-dirty-files-excerpt-from-ronald-kessler-s-the-secrets-of-the-fbi.html">blackmailed members of Congress</a>, and infiltrated organizations seeking everything from international peace to <a href="http://womensenews.org/2015/03/ruth-rosen-compares-intimidation-then-and-now/">equal rights for women</a>.</p>
<p>The Bureau’s aim was not to guard national security from any external threat, but instead to “<a href="http://www.whatreallyhappened.com/RANCHO/POLITICS/COINTELPRO/COINTELPRO-FBI.docs.html">neutralize</a>” constitutionally protected domestic dissent and people using their rights—including Dr. King. In addition to bugging his hotel rooms, monitoring his movements, and recording his liaisons, the FBI also tried to break up Dr. King's marriage and <a href="https://www.eff.org/deeplinks/2014/11/fbis-suicide-letter-dr-martin-luther-king-jr-and-dangers-unchecked-surveillance">attempted to prompt his suicide</a>.</p>
<p>Many Americans reacted to <a href="http://www.cnn.com/2016/12/12/politics/harry-reid-james-comey-election/">seemingly politicized FBI disclosures</a> in the days before the 2016 presidential election with surprise. But the FBI has embroiled itself in partisan controversies since its very origins. From the <a href="https://www.britannica.com/topic/Palmer-Raids">Palmer Raids</a> through the <a href="http://www.justrememberthepast.com/the-red-scare-huac-and-mccarthyism.html">McCarthy era</a>, from the <a href="http://www.greenisthenewred.com/blog/truth-and-power-tv-series-animal-rights-terrorism/8625/">Green Scare</a> to its infiltration of <a href="http://articles.latimes.com/1995-05-30/news/mn-7622_1_united-farm-workers">labor organizing by farm workers</a>, the FBI has a long history of investigating and undermining constitutional rights in the context of political movements.</p>
<p>Under Hoover’s direction, the FBI achieved its written goal: the "neutralization" of domestic social groups speaking out to advance their views as protected by the First Amendment. Hoover's FBI achieved its goals with a fraction of the budget, staff—and none of the computing power—of the FBI today.</p>
<p><b>Continuing abuses</b></p>
<p>The story of the FBI's <a href="https://www.eff.org/foia/fbis-next-generation-identification-biometrics-database">Next Generation Initiative</a> provides a compelling example of how the Bureau’s access to technology has increased its ability to undermine rights in secret. Starting by collecting biometric data of arrestees from local police departments around the country, originally for the stated purpose of <a href="https://www.eff.org/deeplinks/2011/11/eff-joins-advocacy-organizations-criticizing-secure-communities">identifying undocumented immigrants</a> with criminal records eligible for fast track deportation proceedings, the FBI has built a fully operational facial recognition database including <a href="https://www.eff.org/deeplinks/2016/06/fbi-can-search-400-million-face-recognition-photos">over 400 million records</a> including biometric data of <a href="https://www.eff.org/deeplinks/2016/10/memo-doj-facial-recognitions-threat-privacy-worse-anyone-thought">over 115 million Americans</a>.</p>
<p>The Bureau’s aspiration to build a comprehensive biometrics database was kept secret for years, and became public knowledge only after a federal court in 2013 <a href="https://ccrjustice.org/home/what-we-do/our-cases/national-day-laborer-organizing-network-ndlon-v-us-immigration-and-customs">forced disclosure</a> of previously secret documents. Even after its plans became public, the FBI continued to <a href="https://www.eff.org/deeplinks/2016/05/fbi-ngi-privacyact">resist legal restraints</a>, lobbying for exemptions to federal privacy requirements.</p>
<p>The FBI’s biometrics bait &amp; switch is hardly unique. The Bureau played fast and loose with the facts again when claiming in 2016 that national security required it to <a href="https://www.eff.org/deeplinks/2016/02/apple-americans-and-security-vs-fbi">force Apple to create a hack</a> for a device platform that would place the security of <a href="https://www.eff.org/deeplinks/2016/03/apple-fight-about-all-us">millions of users</a> at risk. Then, as now, <a href="https://techcrunch.com/2016/03/24/the-hubris-of-investigators/">encryption keeps us safe</a>—whether from despotic regimes abroad (or at home), thieves, foreign state intelligence agencies, or the prying eyes of a neighbor. EFF was glad to see Apple choose user privacy over the ill-considered demands of intelligence agencies, and filed <a href="https://www.eff.org/files/2016/03/03/16cm10sp_eff_apple_v_fbi_amicus_court_stamped.pdf">an amicus brief</a> in support of Apple’s position, noting how the <a href="https://www.eff.org/deeplinks/2016/03/deep-dive-why-forcing-apple-write-and-sign-code-violates-first-amendment">FBI’s demands violated the First Amendment</a> in multiple ways.</p>
<p>Beyond hiding its biometric tracking scheme and trying to co-opt device manufacturers, the FBI has also helped extend secret surveillance across and throughout the U.S. For a decade, police departments around the U.S. deployed <a href="https://www.eff.org/sls/tech/cell-site-simulators">cell-site simulators</a> (also known as IMSI-catchers or Stingrays) to spy on local cell phone networks <a href="https://www.eff.org/deeplinks/2016/08/fcc-created-stingray-problem-now-it-needs-fix-it">without public oversight</a>.</p>
<p>Only after <a href="https://www.bloomberg.com/news/articles/2016-03-10/what-happens-when-the-surveillance-state-becomes-an-affordable-gadget">a jailhouse lawyer discovered</a> how the device had enabled authorities to identify him did the public learn about these devices, the <a href="https://theintercept.com/surveillance-catalogue/drt-1101b/">latest versions</a> of which are so powerful that they can hack phones, deny service, or plant malware on a device. While <a href="https://www.eff.org/deeplinks/2015/12/victories-california-and-virginia-alongside-setback-florida-2015-review">half a dozen states</a> and the <a href="https://www.justice.gov/opa/pr/justice-department-announces-enhanced-policy-use-cell-site-simulators">federal Department of Justice</a> now require police to secure a judicial warrant before using a cell site simulator, only <a href="https://www.eff.org/deeplinks/2016/08/illinois-sets-new-limits-cell-site-simulators">one state prohibits their offensive use</a>.</p>
<p>Throughout the decade that local police kept Stingrays secret from policymakers, they did so at the behest of <a href="https://www.theguardian.com/us-news/2015/apr/10/stingray-spying-fbi-phone-dragnet-police">FBI agreements</a> that required them to do so. The FBI imposed secrecy not only from the public, but even from judges. In multiple jurisdictions, <a href="http://money.cnn.com/2015/03/18/technology/security/police-stingray-phone-tracker/">FBI demands forced prosecutors</a> to abandon cases rather than disclose to courts the origins of their evidence as required by Due Process principles.</p>
<p>The FBI also conducts its own surveillance activities, using powers including <a href="https://www.eff.org/issues/national-security-letters">National Security Letters</a> (NSLs) that have long been <a href="http://www.washingtonpost.com/wp-dyn/content/article/2008/03/13/AR2008031302277.html">predictably abused</a> behind walls of secrecy. We are proud to have <a href="https://www.eff.org/deeplinks/2016/12/chipping-away-national-security-letters-2016-review">challenged</a> NSLs on behalf of organizational <a href="https://www.eff.org/deeplinks/2017/01/finally-revealed-cloudflare-has-been-fighting-nsls-years">clients</a> who recently <a href="https://www.eff.org/deeplinks/2016/12/fighting-nsl-gag-orders-help-our-friends-credo-and-internet-archive">revealed</a> themselves after years of complying with illegitimate government gag orders that prevented them from <a href="http://www.washingtonpost.com/wp-dyn/content/article/2007/03/22/AR2007032201882.html">informing Congress and the public</a> about their experience.</p>
<p><b>Will past prove prologue?</b></p>
<p>Many have voiced concerns that the FBI's entrenched intelligence apparatus could <a href="https://www.bloomberg.com/news/articles/2016-11-29/fbi-and-nsa-poised-to-gain-new-surveillance-powers-under-trump">expand under president-elect Trump</a>. Even more dangerous is the specter of its potential politicization, given Trump’s campaign statements reflecting his seeming <a href="https://www.theguardian.com/commentisfree/2016/nov/09/president-trump-national-security-nuclear-arsenal">eagerness</a> to use state intelligence to advance his own political ends.</p>
<p>If politicized, surveillance can insulate a system from accountability from critics and dissidents. That’s why the values offended by surveillance extend beyond privacy to also include <a href="http://www.salon.com/2016/11/27/donald-trumps-surveillance-state-all-the-tools-to-suppress-dissent-and-kill-free-speech-are-already-in-place/">dissent</a> and <a href="http://www.nytimes.com/2013/06/12/opinion/surveillance-a-threat-to-democracy.html">democracy</a>.</p>
<p>Communities organized around any number of pursuits—from advocacy to social services, recreation to religious practice—could find their opportunities dramatically diminished in an era when supporters must risk the ire of the state should they raise their voice. </p>
<p>Put another way: as long as the mass surveillance regime is available for the next (or any) administration to abuse, <a href="https://www.eff.org/deeplinks/2016/01/ike-had-dream-and-it-unfortunately-came-true">democracy hangs in the balance</a>. The system has <a href="https://www.washingtonpost.com/blogs/the-switch/wp/2013/08/24/loveint-when-nsa-officers-use-their-spying-power-on-love-interests">already been abused</a> by individual agents and contractors to, for instance, spy on their ex-wives and lovers. They may be the canaries in the coal mine. The continuing potential for recurring abuse poses a threat to our entire political system.</p>
<p><b>A crucial opportunity</b></p>
<p>Against this backdrop, Congress enters 2017 with a critical deadline looming before it. A statutory pillar of the NSA and FBI’s mass surveillance powers, <a href="https://www.eff.org/deeplinks/2016/06/end-702">Section 702</a> of the Foreign Intelligence Surveillance Act, is scheduled to expire at the end of the year. If Congress does nothing, the legal basis for the NSA’s <a href="https://www.eff.org/files/2014/07/24/backbone-3c-color.jpg">PRISM and Upstream</a> collection programs (from which raw, <a href="https://www.eff.org/deeplinks/2017/01/obama-expands-surveillance-powers-his-way-out">unfiltered data became available to the FBI</a> in the waning days of the Obama administration) will <a href="http://www.dailydot.com/layer8/fisa-section-702-surveillance-reauthorization-senate-judiciary-committee-announcement/">expire</a> on December 31.</p>
<p>In years past, Congress has responded to reauthorization deadlines facing surveillance powers in a predictable pattern. After <a href="https://www.washingtonpost.com/news/the-switch/wp/2013/10/11/patriot-act-author-there-has-been-a-failure-of-oversight/">ignoring its oversight responsibilities for years</a>, as the eleventh hour approaches before intelligence powers near their expiration, members cite national security concerns as a basis to ignore not only the need to conduct any oversight but also constitutional limits on executive power.</p>
<p>Congress has repeatedly extended executive surveillance powers without either determining whether they have actually helped security or how much they have <a href="http://www.pen-international.org/read-pen-american-centres-report-chilling-effects-nsa-surveillance-drives-writers-to-self-censor/">undermined democracy</a> by inhibiting participation in the political process. That pattern is poised to recur under the next administration. </p>
<p>Americans who share a stake in democracy can intervene to <a href="https://www.eff.org/deeplinks/2016/06/end-702">prevent these horrors</a> by raising our voices in concert. United resistance has <a href="https://www.eff.org/deeplinks/2017/01/everyone-made-themselves-hero-remembering-aaron-swartz">derailed congressional consensus</a> in the recent past, and also driven crucial (if incomplete) policy reform in 2015 when Congress enacted the <a href="https://www.eff.org/deeplinks/2015/05/usa-freedom-act-passes-what-we-celebrate-what-we-mourn-and-where-we-go-here">USA Freedom Act</a>.</p>
<p>To fully honor Dr. King’s legacy, we must <a href="https://www.democracynow.org/2005/2/8/copyright_issues_block_broadcast_of_award">bear witness</a> not only to his courage, but also his vision, as well as his sacrifice. Rather than represent a comforting historical figure to assuage America of the burden to <a href="https://kinginstitute.stanford.edu/king-papers/documents/annotated-letter-birmingham-jail">realize our founding values</a> in practice, his example should sound a <a href="https://www.eff.org/electronic-frontier-alliance">clarion call to resistance</a>, a renewed commitment to hold America “<a href="https://www.youtube.com/watch?v=_l7cKzld5oo">true to what We said on paper</a>.”</p>
</div></div></div>Mon, 16 Jan 2017 14:15:34 +000094561 at https://www.eff.orgCommentaryBiometricsNational Security LettersNSA SpyingCell TrackingShahid ButtarFinally Revealed: Cloudflare Has Been Fighting NSL for Yearshttps://www.eff.org/es/deeplinks/2017/01/finally-revealed-cloudflare-has-been-fighting-nsls-years
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><img src="/files/2017/01/10/og-nsl-reveal-cloudflare.gif" alt="EFF Fights National Security Letter on Behalf of Cloudflare" width="650" height="325" />We’re happy to be able to announce that Cloudflare is the second courageous client in EFF’s long-running lawsuit challenging the government’s unconstitutional national security letter (NSL) authority. <a href="https://www.cloudflare.com/">Cloudflare</a>, a provider of web performance and security services, just published its <a href="https://www.cloudflare.com/transparency/">new transparency report</a> announcing it <a href="https://blog.cloudflare.com/cloudflares-transparency-report-for-second-half-2016-and-an-additional-disclosure-for-2013-2/">has been fighting the NSL statute since 2013.</a></p>
<p>Like <a href="https://www.eff.org/press/releases/credo-confirms-its-center-long-running-NSL-fight">EFF’s other client, CREDO</a>, Cloudflare took a stand against the FBI’s use of unilateral, perpetual NSL gag orders that resulted in a secret court battle stretching several years and counting. The litigation—seeking a ruling that the NSL power is unconstitutional—continues, but we’re pleased that we can at long last publicly applaud Cloudflare for fighting on behalf of its customers. Now more than ever <a href="https://www.eff.org/deeplinks/2016/12/how-tech-companies-can-fight-their-users-courts">we need the technology community to stand with users in the courts</a>. We hope others will follow Cloudflare’s example.</p>
<p>Late last Friday, the government filed a <a href="https://www.eff.org/document/16-16082-notice-court-concerning-nsl">public notice</a> with the U.S. Circuit Court of Appeals for the Ninth Circuit identifying Cloudflare as an NSL recipient and EFF’s client in the lawsuit. The notice explains that the FBI determined it no longer needed to gag Cloudflare in conjunction with an NSL issued in early 2013.</p>
<p>Under the USA FREEDOM Act of 2015, the FBI is required to periodically review outstanding NSLs and lift gag orders on its own accord if circumstances no longer support a need for secrecy. As we’ve seen, this periodic review process has recently resulted in some <a href="https://www.eff.org/deeplinks/2016/12/chipping-away-national-security-letters-2016-review">very selective transparency by the FBI</a>, which has nearly complete control over the handful of NSL gags it retracts, not to mention the hundreds of thousands it leaves in place. Make no mistake: this process is irredeemably flawed. It fails to place on the FBI the burden of justifying NSL gag orders in a timely fashion to a neutral third party, namely a federal court. Nevertheless, Cloudflare’s fight demonstrates that it is not unreasonable to require the FBI to relinquish some of its customary secrecy in national security cases.</p>
<p>The revelation of Cloudflare’s participation in our lawsuit follows <a href="https://www.eff.org/press/releases/credo-confirms-its-center-long-running-NSL-fight">the identification of CREDO as EFF’s other client</a> last November. In CREDO’s case, the district court found that the FBI had failed to justify the need for the gag orders connected to two NSLs also issued in 2013.</p>
<p>But EFF’s fight against NSLs is by no means over. Our consolidated lawsuits remain on appeal in the Ninth Circuit, where we continue to argue that the entire NSL scheme is unconstitutional. The First Amendment requires that any gag order imposed by the executive branch be quickly evaluated by a court and demands that the government meet a high burden of justifying the gag. The FBI’s desultory removal of its unilateral NSL gags comes nowhere close to satisfying this standard. Oral argument has been scheduled in San Francisco for the week of March 20; we look forward to making these arguments there and then.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/cases/re-national-security-letter-2013-13-1165">In re National Security Letter 2013 (13-1165)</a></div></div></div>Tue, 10 Jan 2017 23:25:02 +000094479 at https://www.eff.orgNational Security LettersAndrew CrockerLibrarians, Act Now to Protect Your Users (Before It’s Too Late)https://www.eff.org/es/deeplinks/2016/12/librarians-act-now-protect-your-users-its-too-late
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Books checked out from a library and terms searched on library computers can reveal a teenager’s questions about sexual orientation, a neighbor’s religious leanings, or a student’s political interests. Libraries across the country, particularly public libraries, make it part of their mission to serve the most vulnerable and underserved user groups, including users who are homeless, unemployed, or recent migrants or refugees. And when government agents come looking, these library users need librarians to <a href="https://www.theguardian.com/books/2016/nov/30/library-user-data-government-surveillance-donald-trump">have their back.</a></p>
<p>Libraries and librarians <a href="https://www.thenation.com/article/librarians-versus-nsa/">have long been</a> stalwart guardians of the rights of free expression and inquiry. As part of their <a href="http://www.ala.org/advocacy/intfreedom/librarybill/interpretations/privacy">profession</a>, librarians protect their users’ ability to access even the most controversial information and ideas free from government scrutiny. Since the passage of the Patriot Act in particular, librarians have <a href="https://www.theguardian.com/us-news/2016/jan/13/us-library-records-purged-data-privacy">purged user records</a> when necessary to fight against unconstitutional government demands and <a href="https://www.eff.org/press/releases/internet-archive-received-national-security-letter-fbi-misinformation-about">pushed back</a> against (unconstitutional) National Security Letters (NSLs). Librarians also stood with EFF and the ACLU when we worked to pass the <a href="https://www.eff.org/press/archives/2011/10/03">California Reader Privacy Act</a> in 2011.</p>
<p>With the recent election of President-elect Donald Trump, many libraries are rightfully worried about a renewed threat to their users’ privacy. If the incoming administration sticks to its promises to identify and <a href="http://www.npr.org/sections/thetwo-way/2016/11/13/501921177/donald-trump-says-hell-deport-2-3-million-people-once-in-office">deport millions of people</a>, <a href="http://www.nytimes.com/politics/first-draft/2015/11/20/donald-trump-says-hed-absolutely-require-muslims-to-register/">monitor individuals</a> based on their religious beliefs, and <a href="http://www.politico.com/blogs/on-media/2016/02/donald-trump-libel-laws-219866">expand libel laws</a>, for example, libraries could receive unprecedented government requests for information on their users.</p>
<p>To that end, we recommend libraries ensure they’re taking the following steps as soon as possible to protect their users’ intellectual privacy. In addition, libraries have to think beyond their own actions and take steps to ensure that all of their third-party vendors provide the same level of protections to users that libraries themselves do.</p>
<h3>1. Limit collection and retention of user information</h3>
<p>The less information you collect about your users, the less you have to surrender. The best policy is to collect the minimum amount of information necessary to provide a particular service, and don’t retain that information any longer than necessary. For example, delete check-out information as soon as a book is returned. Further, make a regular habit of purging your logs (including circulation records, event attendance records, computer use and activity logs, search records, Wi-Fi connection logs, database searches, etc.) using a <a href="https://ssd.eff.org/en/module/how-delete-your-data-securely-mac-os-x">secure</a> <a href="https://ssd.eff.org/en/module/how-delete-your-data-securely-windows">deletion</a> utility. If you do need to retain certain records—for example, usage records for resource allocation or funding advocacy—then follow best practices to de-identify and anonymize them to the greatest extent possible.</p>
<p>When you do collect user information, make sure your users are notified about that information collection and offered the option to affirmatively opt in. Further limit data collection by allowing pseudonymous or anonymous use of library services wherever possible. For example, allow people to use library computers without a personalized login, and don’t require logins on library web services unless it’s necessary to access a user account. Similarly, leave the library Wi-Fi network open, don’t keep logs of IP addresses, and ensure your network deletes connection logs immediately after log-off.</p>
<p>Make sure library operated websites and services aren’t logging user IP addresses, and if so, purge them quickly and regularly. Educate users about any differences between services provided in the library versus those services accessed remotely—for example, services accessed via library computers will only see the library’s IP address, while remotely accessing services can expose a user's own IP address.</p>
<h3>2. Maintain policies and procedures for responding to government requests and for notifying users of requests received</h3>
<p>Communicate with users about how you will respond to requests for their information. Government requests for information may come in a variety of forms, from simple requests without a warrant or court order, to subpoenas, warrants, and NSLs. Policies must clearly dictate how library staff should respond to each of these requests. Make sure your staff knows how to handle requests for user information.</p>
<p>Note that, without a warrant, court order, or NSL, libraries are generally not required to provide user information, and may refuse to comply. While search warrants may be carried out immediately, all government requests for information may be examined by library counsel for legal defects. If you receive a request for patron information you should contact an attorney. EFF stands ready to help libraries sort through their options when they receive suspect legal process.</p>
<p>Policies should also address how and when users will be notified of government requests for information. In response to government requests accompanied by a gag order, some libraries, like the <a href="https://www.eff.org/cases/2016-internet-archive-nsl">Internet Archive</a> and the Library Connection, have fought to lift the gag. Again, EFF stands ready to assist.</p>
<h3>3. Maintain accurate, accessible privacy policies, and notify users when they change</h3>
<p>A library’s privacy policy should, at a minimum, tell users what types of information are collected, how long that information is stored, how it may be used, and who may access it under what conditions. Users should be immediately notified of any changes to library privacy policies, and should have an opportunity to opt in to continued use of affected services.</p>
<p>But the library’s privacy policy alone may not cover all of the catalogs, databases, e-books, checkout systems, and other third-party services a user may encounter in the library. At a minimum, users should be alerted when they are interacting with a third-party vendor, and should be notified of those vendors’ privacy policies. Libraries should also allow users the opportunity to affirmatively opt in to services that do not allow the same privacy protections as the library—or, even better, wherever possible libraries should require third-party vendors to match their privacy practices. (See EFF’s <a href="https://www.eff.org/policy">privacy policy</a> as an example.)</p>
<h3>4. Use HTTPS for your whole website at all times, and push your vendors to do the same</h3>
<p>While many libraries already use HTTPS on parts of their websites, this strategy is <a href="https://www.eff.org/deeplinks/2015/05/what-every-librarian-needs-know-about-https">ineffective</a> at securing user information. Use a service like <a href="https://certbot.eff.org/">Certbot</a> to migrate your <em>entire</em> website to HTTPS, and push your third-party vendors—including e-book vendors—to do the same. Without such protections, your users’ information may be at risk in-transit and vulnerable to anyone logged onto the same network.</p>
<p>In addition, you should limit the use of cookies used to track users’ preferences and activities. If your website does use cookies, allow users to affirmatively opt in to accept the cookie. Don’t condition access to your site on acceptance.</p>
<h3>5. Secure library computer browsers</h3>
<p>Unsecure browsers can leak information about what users are doing online—including the searches they run and websites they visit—providing a <a href="http://www.slate.com/articles/technology/future_tense/2016/07/the_fbi_should_need_a_warrant_to_access_your_browser_history.html">detailed picture</a> of their online activity. Library computers should default to browsers with built-in privacy protections, like Mozilla Firefox or Google Chrome. Enable privacy-protective tools and extensions like EFF’s <a href="https://www.eff.org/privacybadger">Privacy Badger</a> and <a href="https://www.eff.org/https-everywhere%20">HTTPS Everywhere</a>, and update both the browsers and extensions whenever an update becomes available.</p>
<h3>6. Require third-party vendors to match library privacy practices for patron data</h3>
<p>As noted above, libraries today use an increasing number of third-party vendors who have access to user data. Libraries must work to ensure that their third-party vendors adopt practices and policies in line with libraries’ own privacy policies. Third-party services can track, collect data about, and analyze user behavior—and that information can in turn be demanded by law enforcement. This can include highly sensitive user information, like name and account identifiers, IP addresses, demographic information, search history, and reading history.</p>
<p>Librarians can also take control of how they use and present third-party services, including configuring default settings in as privacy-protective a manner as possible and conducting regular reviews of privacy practices and options.</p>
<p>In addition, analytical and behavioral profiling services can pose particular risks for users—producing detailed records of users’ identities, reading habits, and behaviors. Avoid allowing these services to access user information without obtaining users' explicit, opt-in consent.</p>
<h3>Looking to libraries</h3>
<p>As the new administration takes office in January, we will need librarians more than ever. We need them to safeguard our access to information and our intellectual privacy. We need them to limit the amount and specificity of data available about users. We need them to fight back against government requests for user information.</p>
<p>And now it’s essential that all librarians go beyond these crucial steps to consider the full range of threats to their users’ privacy, and act to protect that privacy in a changing environment. We applaud libraries for the work they’re already doing, and urge the entire library community to take additional action before it’s too late.</p>
</div></div></div>Mon, 05 Dec 2016 15:46:33 +000094050 at https://www.eff.orgNational Security LettersPrivacyFree SpeechGennie GebhartKerry SheehanInternet Archive Received National Security Letter with FBI Misinformation about Challenging Gag Orderhttps://www.eff.org/es/press/releases/internet-archive-received-national-security-letter-fbi-misinformation-about
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Potentially Thousands of Communication Providers Received Bad Instructions for Fighting Secrecy Provisions</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The <a href="http://blog.archive.org/2016/11/28/the-archive-receives-new-nsl-from-fbi">Internet Archive</a> <a href="https://www.eff.org/document/national-security-letter-sent-internet-archive">published</a> a formerly secret national security letter (NSL) today that includes misinformation about how to contest the accompanying gag order that demanded total secrecy about the request. As a result of the Archive’s challenge to the letter, the FBI has agreed to send clarifications about the law to potentially thousands of communications providers who have received NSLs in the last year and a half.</p>
<p>The NSL issued to the Archive said the library had the right to “make an annual challenge to the nondisclosure requirement.” But in 2015, Congress updated the law to allow for more than one request a year, so that communications providers could speak out about their experience without unneeded delay. Represented by the Electronic Frontier Foundation (EFF), the Archive <a href="https://www.eff.org/document/archives-response-nsl">informed</a> the FBI that it did not have the information the agency was seeking and pointed out the legal error. The FBI agreed to drop the gag order in this case and allow the publication of the NSL.</p>
<p>“The free flow of information is at the heart of the Internet Archive’s work, but by using national security letters in conjunction with unconstitutional gag orders, the FBI is trying to keep us all in the dark,” said Brewster Kahle, founder and digital librarian of the Internet Archive. “Here, it’s even worse: that secrecy helped conceal that the FBI was giving all NSL recipients bad information about their rights. So we especially wanted to make this NSL public to give libraries and other institutions more information and help them protect their users from any improper FBI requests.”</p>
<p>The Archive received this NSL in August, more than a year after Congress changed the law to allow more gag order challenges. In its <a href="https://www.eff.org/document/government-withdrawal-nsl">letter</a> removing the gag order, the FBI acknowledged that it issued other NSLs that included the error, and stated that it will inform all recipients about the mistake. Given that the FBI has said that it issued about 13,000 NSLs last year, thousands of communications providers likely received the false information, and potentially delayed petitioning the court for the right to go public.</p>
<p>“The opaque NSL process—including the lack of oversight by a court—makes it very vulnerable to errors of law. Add to that the routine use of gags and enforced secrecy, and those errors become difficult to find and correct,” said EFF Staff Attorney Andrew Crocker. “We are grateful to the Internet Archive for standing up to the FBI and shining some light on this error. We hope that others who receive the correction will also step forward to have their gags lifted and shine more light on these unconstitutional data collection tools.”</p>
<p>This is the second NSL that the Internet Archive has published after battling with the FBI. In 2007, the Archive <a href="https://www.eff.org/press/archives/2008/05/06">received an NSL </a>that exceeded the FBI’s authority to issue demands to libraries. With help from EFF and the American Civil Liberties Union (ACLU), the FBI withdrew the letter and agreed to let the Archive go public in May of 2008.</p>
<p>But many gag orders are still in place. Yesterday, <a href="https://www.eff.org/press/releases/credo-confirms-its-center-long-running-NSL-fight">CREDO Mobile confirmed</a> it was at the center of EFF's long-running fight against NSLs after a three-year-old gag order was finally revoked. Along with CREDO's case, EFF is litigating <a href="https://www.eff.org/press/releases/briefing-unsealed-court-battle-over-national-security-letters">two other challenges</a> to NSL gag orders on behalf of communications providers who are still gagged.</p>
<p>For the national security letter published by the Internet Archive:<br /><a href="https://www.eff.org/document/national-security-letter-sent-internet-archive">https://www.eff.org/document/national-security-letter-sent-internet-archive</a></p>
<p>For more on the fight against NSLs:<br /><a href="https://www.eff.org/deeplinks/2016/12/fighting-nsl-gag-orders-help-our-friends-credo-and-internet-archive">https://www.eff.org/deeplinks/2016/12/fighting-nsl-gag-orders-help-our-friends-credo-and-internet-archive</a></p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact:&nbsp;</div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Andrew</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Crocker</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:andrew@eff.org">andrew@eff.org</a></div></div></div> </div>
</div>
</div><div class="field__item odd"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Internet</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Archive</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:info@archive.org">info@archive.org</a></div></div></div> </div>
</div>
</div></div></div>Thu, 01 Dec 2016 20:09:13 +000093953 at https://www.eff.orgRebecca JeschkeCREDO Confirms It’s at Center of Long-Running Legal Fight Over NSLshttps://www.eff.org/es/press/releases/credo-confirms-its-center-long-running-NSL-fight
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Mobile Provider Battled Gag Order That Forced It to Keep Customers in the Dark </div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>San Francisco - CREDO Mobile representatives confirmed today that their company was at the center of the long-running legal battle over the constitutionality of national security letters (NSLs), and published the letters the government sent three years ago.</p>
<p>The Electronic Frontier Foundation (EFF) has represented CREDO in this matter since 2013—and the case, bundled with two other NSL challenges, has reached the United States Court of Appeals for the Ninth Circuit. Until now, CREDO was under a gag order, preventing CREDO officials from identifying the company or discussing their role in the case. In March, a district court <a href="https://www.eff.org/press/releases/ruling-unsealed-national-security-letters-upheld-constitutional">found</a> that the FBI had failed to demonstrate the need for this gag, and struck it down pending an appeal by the government. But earlier this month, the government decided to drop its appeal of that order, leaving CREDO free to talk about why the legal challenge is important to the company and its customers.</p>
<p>“A founding principle of CREDO is to fight for progressive causes we believe in, and we believe that NSLs are unconstitutional. These letters, and the gag orders that came with them, infringed our free speech rights, blocking us from talking to our members about them or discussing our experience while lawmakers debated NSL reform,” said Ray Morris, CREDO CEO. “We were proud to fight these NSLs all these years, and now we are proud to publish the letters and take full part in the ensuing debate.”</p>
<p>The NSLs statutes have been highly controversial since their use was expanded dramatically by the PATRIOT Act in 2001. Soon after that, internal reviews by the Department of Justice found that they had been widely misused. With an NSL, the FBI—on its own, and without court approval—can issue a secret letter to a communications provider, demanding information about its customers, nearly always accompanied by a gag order. That prevents recipients from notifying users about the NSL or even discussing the letter at all.</p>
<p>While the government has stopped pursuing the NSL gag orders on CREDO in this case, EFF’s two other NSL challenges are still being litigated in the appeals court. EFF’s clients—who still must remain secret—argue that they are being unconstitutionally barred from discussion and debate about government use of NSLs and surveillance reform.</p>
<p>“The FBI issues NSL demands for customer information without a warrant or any court supervision, and slaps on a gag order to make it hard for anyone to complain,” said EFF Staff Attorney Andrew Crocker. “The years-long fight in this case demonstrates the difficulty of challenging these orders, and we’re grateful to CREDO for stepping up for its customers and the public to fight these NSLs.”</p>
<p>CREDO Mobile has been in business for 31 years, originally as Working Assets. CREDO believes in bringing social change through every day acts of commerce. Since its founding, it’s donated $81 million to progressive causes.</p>
<p>For the NSLs to CREDO:<br /><a href="https://www.eff.org/document/redacted-national-security-letter-1">https://www.eff.org/document/redacted-national-security-letter-1</a><br /><a href="https://www.eff.org/document/redacted-national-security-letter-2">https://www.eff.org/document/redacted-national-security-letter-2</a></p>
<p>For more on this case:<br /><a href="https://www.eff.org/cases/re-national-security-letter-2013-13-80089">https://www.eff.org/cases/re-national-security-letter-2013-13-80089</a></p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact:&nbsp;</div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Andrew</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Crocker</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:andrew@eff.org">andrew@eff.org</a></div></div></div> </div>
</div>
</div></div></div>Wed, 30 Nov 2016 21:12:20 +000093982 at https://www.eff.orgRebecca JeschkeDebunking the Patriot Act as It Turns 15https://www.eff.org/es/deeplinks/2016/10/debunking-patriot-act-it-turns-15
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><img src="/files/2016/10/26/og-patriotact.jpg" alt="" height="325" width="650" /></p>
<p>The Patriot Act turns 15 today, but that’s nothing to celebrate.</p>
<p>Since President George W. Bush signed this bill into law on October 26, 2001, the Patriot Act has been ardently defended by its supporters in the intelligence community and harshly criticized by members of Congress, the tech industry, and privacy advocates like us. Despite the debates that have unfolded over the last 15 years, including last year’s reforms through the USA FREEDOM Act, there’s still a lot to learn about this controversial law.</p>
<p>Introduced in the wake of the terrorist attacks on September 11, 2001, the Patriot Act opened up new justifications and methods for U.S. surveillance. In recent years, the debate around the law has focused on the sweeping phone records surveillance exposed by former NSA contractor Edward Snowden in 2013, but there are many aspects to the statute and how it came to be that are unfamiliar to many.</p>
<p>In honor of the law’s 15th anniversary, here are 15 things you might not know about the Patriot Act.</p>
<ol><li><strong>Congress did not give the Patriot Act the time or debate it deserved</strong> – Only 45 days passed between the Sept. 11, 2001 attacks and the day Bush signed the Patriot Act into law. “No one has really had an opportunity to look at the bill to see what is in it,” Rep. Bobby Scott <a href="https://sunlightfoundation.com/blog/2009/03/02/congress-had-no-time-to-read-the-usa-patriot-act/">said</a> at the time. The 363-page bill was considered on the House floor the same day it was introduced, leapfrogging over deliberation in the committees with jurisdiction. It passed the Senate the next day and was signed into law the following day. That expedited timeline gave members of Congress<span>—f</span>earful of looking un-American in the wake of national tragedy<span>—</span>little time to read, understand, and debate what they were voting on.</li>
<li><strong>The Patriot Act isn’t just about fighting terrorism</strong> – While it was discussed largely in the context of fighting terrorism, some of the tools that came out of the law are almost exclusively used in cases that have nothing to do with terrorism. For instance, the so-called <a href="https://www.good.is/articles/the-most-important-chart-about-the-patriot-act-you-ll-see?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A%20good%2Flbvp%20%28GOOD%20Main%20RSS%20Feed%29">sneak-and-peek search warrants</a> standardized in the law are used overwhelmingly in domestic drug investigations. Those Delayed Notice warrants allow law enforcement to secretly enter and search private premises.</li>
<li><strong>The U.S. government collected Americans’ phone records in bulk long before using the Patriot Act for justification</strong> – The NSA’s sweeping phone record collection surveillance program under Section 215 of the Patriot Act was hardly the first time the U.S. collected American phone records. For decades, the Drug Enforcement Administration <a href="http://www.usatoday.com/story/news/2015/04/07/dea-bulk-telephone-surveillance-operation/70808616/">tracked</a> Americans’ international phone calls under a wholly unrelated provision of law. Even the NSA’s phone record program <a href="http://usatoday30.usatoday.com/news/washington/2006-05-10-nsa_x.htm">existed</a> for years before the Bush administration first <a href="https://projects.propublica.org/graphics/surveillance-timeline">sought approval</a> in 2006 from the Foreign Intelligence Surveillance Court to use Section 215 to justify that program.</li>
<li><strong>Surveillance under the Patriot Act goes far beyond your phone company</strong> – Section 215 dramatically expanded the “business records” provision of the Foreign Intelligence Surveillance Act. Although it was most notoriously used for the NSA’s call record program and was reformed by the USA FREEDOM Act, despite those reforms, the provision still allows the FBI to obtain records from any type of business, including your car rental company, your school, or your employer.</li>
<li><strong>You don’t need to be suspected of committing a crime to be spied on under some provisions of the Patriot Act</strong> – Under some provisions of the Patriot Act, all the FBI needs to show is that the surveillance is “relevant” to its investigation<span>—</span>a term we know the FBI has interpreted <a href="https://www.eff.org/deeplinks/2015/05/eff-case-analysis-appeals-court-rules-nsa-phone-records-dragnet-illegal">extremely broadly</a> in the past. Although USA FREEDOM Act’s changes to the law may rein in future abuses of the statute, we still don’t have the full story about how the law has been used previously.</li>
<li><strong>In practice, the law’s National Security Letters (NSLs) are not the precise, fine-toothed tools they’re made out to be</strong> – Patriot Act defenders say the often-secret NSLs<span>—</span>the uses of which were expanded in the law<span>—</span>are used in a tailored way to get the communications of specific individuals who are tied to national security investigations. But in practice, the law is stretched by the FBI, a problem that is compounded by the excessive secrecy the FBI imposes on recipients. For instance, the FBI in 2003 <a href="http://www.washingtonpost.com/wp-dyn/content/article/2005/11/05/AR2005110501366.html">reportedly</a> used NSLs and subpoenas to collect information from airlines and casino operators about the almost 300,000 people in Las Vegas for New Years that year.</li>
<li><strong>Parts of the Patriot Act have been ruled unconstitutional</strong> – The Patriot Act dramatically expanded the FBI’s authority to issue NSLs, and federal courts have struck down these provisions as unconstitutional on several occasions. The most recent of these rulings came in 2013 after a <a href="https://www.eff.org/deeplinks/2013/03/depth-judge-illstons-remarkable-order-striking-down-nsl-statute">lawsuit</a> from EFF. In that ruling, Judge Susan Illston said the mandated secrecy around the NSLs violates the First Amendment.</li>
<li><strong>Despite reforms, the fight over NSLs is ongoing</strong> – In response to EFF’s landmark victory, Congress amended the NSL statute yet again as part of the 2015 USA FREEDOM Act. However, many of the controversial NSL provisions from the Patriot Act remain in place, and the FBI continues to issue thousands of NSLs every year. In 2016, a court <a href="https://www.eff.org/deeplinks/2016/04/disappointing-ruling-national-security-letters-not-last-word">upheld</a> this new version of the statute, but EFF appealed, and the fight is currently ongoing in the Ninth Circuit.</li>
<li><strong>The Patriot Act added a huge swath of people to the FBI’s DNA database</strong> – <a href="https://www.cga.ct.gov/2003/olrdata/jud/rpt/2003-R-0411.htm">Section 503</a> of the law made it so that the DNA of anyone convicted of a violent crime<span>—</span>including assault, threatening violence or burglary<span>—</span>is entered into the DNA database that the FBI uses in terrorism investigations.</li>
<li><strong>The Patriot Act expanded the power of the government to use wiretaps to go after computer crimes</strong> – One provision in the law, <a href="https://apps.americanbar.org/natsecurity/patriotdebates/act-section-202">Section 202</a>, gave law enforcement the authority to get wiretaps for investigations into violations of the Computer Fraud and Abuse Act, the vague federal anti-hacking law that prosecutors often use to escalate charges and penalties.</li>
<li><strong>The law’s “critical” <a href="https://apps.americanbar.org/natsecurity/patriotdebates/lone-wolf">lone wolf provision</a> isn’t as critical as officials would like you to believe</strong> – In calling for the reauthorization of the three Patriot Act authorities that temporarily expired in 2015, U.S. officials called those provisions critical for protecting national security. But intelligence officials admitted in 2015 that one of the three authorities<span>—</span>the “lone wolf” provision<span>—</span>has never actually been used. The provision authorizes the government to spy on someone who they suspect is involved with terrorist activities but does not have known ties to terrorist groups.</li>
<li><strong>The USA FREEDOM Act didn’t “fix” the Patriot Act</strong> – The U.S. government moved in the <a href="https://www.eff.org/deeplinks/2015/04/new-usa-freedom-act-step-right-direction-more-must-be-done">right direction</a> when Congress passed and Obama signed into law the USA FREEDOM Act in 2015. That bill took some positive steps towards reining in the controversial phone data surveillance program under Section 215 of the Patriot Act, but it left most of the existing law untouched, including other authorities that raise privacy concerns.</li>
<li><strong>Even after the USA FREEDOM Act, the NSA casts a wide net when looking for Americans’ phone records</strong> – The U.S. government made a series of changes to its phone records program in response to outrage after Snowden’s leaks in 2013, including having the phone companies, rather than the government, store the records and limiting how wide a net the government can cast when looking for phone records. But they didn’t narrow it enough when they limited their searches to <a href="https://www.aclu.org/blog/are-two-hops-too-many">two degrees of separation</a>, which still sweeps in a huge number of people. If you and a suspected terrorist order pizza from the same pizza delivery place<span>—</span>or, more invasively, see the same mental health professional<span>—</span>the NSA can see how often and when you call.</li>
<li><strong>The Patriot Act is just the tip of the iceberg when it comes to troubling, privacy-invasive government surveillance authorities</strong> – Although the Patriot Act, along with the Foreign Intelligence Surveillance Act, have been at the center of recent years’ debates over government surveillance and privacy concerns, the law is only one of many things the government cites when justifying its surveillance. Also in the intelligence community’s toolbox are <a href="https://www.washingtonpost.com/opinions/meet-executive-order-12333-the-reagan-rule-that-lets-the-nsa-spy-on-americans/2014/07/18/93d2ac22-0b93-11e4-b8e5-d0de80767fc2_story.html?utm_term=.12d885d55791">Executive Order 12333</a><span>—</span>issued by President Ronald Reagan in 1981<span>—</span>and the <a href="https://www.aclu.org/blog/cisa-isnt-about-cybersecurity-its-about-surveillance">Cybersecurity Information Security Sharing Act</a> passed by Congress in 2015.</li>
<li><strong>The law has built-in reset buttons to ensure that we keep talking about these expansive surveillance powers</strong> – Congress included language in the Patriot Act to ensure that lawmakers would have to reconsider the law every few years. USA FREEDOM passed in 2015 as parts of the law were expiring. The next sunset will be at the end of 2019, giving lawmakers, civil liberties groups and privacy-minded Americans another shot to rein in widespread government surveillance.</li>
</ol><p>EFF has been fighting against abuses of the Patriot Act since it first passed, and we’ll continue fighting in the courts and on the Hill. To help us in those fights, <a href="https://supporters.eff.org/donate/pab">donate to EFF today</a>.</p>
</div></div></div>Wed, 26 Oct 2016 18:17:40 +000093626 at https://www.eff.orgCommentaryPATRIOT ActPrivacyNational Security LettersKate TummarelloBriefing Unsealed in Court Battle Over National Security Lettershttps://www.eff.org/es/press/releases/briefing-unsealed-court-battle-over-national-security-letters
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">EFF Argues that NSL Secrecy Violates First Amendment and Chills Debate on Government Surveillance</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>San Francisco - An appeals court published redacted briefing by the Electronic Frontier Foundation (EFF) today arguing that national security letters (NSLs) and their accompanying gag orders violate the free speech rights of companies who want to keep their users informed about government surveillance.</p>
<p>EFF represents two service providers in challenging the NSL statutes in front of the United States Court of Appeals for the Ninth Circuit. Most of the proceedings have been sealed since the case began five years ago, but some redacted documents have been released after government approval.</p>
<p>“Just this week we’ve seen Open Whisper Systems—the company behind the Signal messaging service—successfully fight a government gag order attached to a subpoena for customer information. Meanwhile, Yahoo is facing criticism for allowing the government wide-ranging access to its users’ communications,” said EFF Staff Attorney Andrew Crocker. “Our clients want to join this conversation, using their own experiences as a basis to talk about what kind of government surveillance is appropriate and what reform is needed—but NSL gags prevent them from doing so. We’re asking the court to strike down this unconstitutional statute so we can have the robust and inclusive debate that this issue deserves.”</p>
<p>The NSL statutes have been highly controversial since their use was expanded under the USA PATRIOT Act. With an NSL, the FBI—on its own, and without court approval—can issue a secret letter to a communications provider, demanding information about its customers. In this case and nearly all others, the NSL is issued in conjunction with a gag order, preventing the companies from notifying users of the demand or discussing the letter at all. Congress changed some parts of the statute in 2015, but retained the basic elements of the gags. In fact, EFF’s clients still cannot identify themselves publicly or share their experiences as part of the debate over government surveillance of technology services.</p>
<p>“Our clients want to be able to issue accurate transparency reports and talk to their customers about how they try to defend users from overreaching government investigations,” Crocker said. “But instead, the FBI instituted indefinite gag orders to shield its demands for information. This is an unconstitutional restriction of our clients’ First Amendment rights.”</p>
<p>For the full redacted brief:<br /><a href="https://www.eff.org/document/16-16067-opening-brief-redacted">https://www.eff.org/document/16-16067-opening-brief-redacted</a></p>
<p>For more on national security letters:<br /><a href="https://www.eff.org/issues/national-security-letters">https://www.eff.org/issues/national-security-letters</a></p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact:&nbsp;</div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Andrew</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Crocker</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:andrew@eff.org">andrew@eff.org</a></div></div></div> </div>
</div>
</div></div></div>Fri, 07 Oct 2016 19:36:52 +000093456 at https://www.eff.orgRebecca JeschkeCanary Watch – One Year Laterhttps://www.eff.org/es/deeplinks/2016/05/canary-watch-one-year-later
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="western">We announced <a href="https://canarywatch.org/">Canary Watch</a> a year ago as a coalition project <a href="https://canarywatch.org/faq.html">to list Warrant Canaries</a> and monitor them for changes or removal. Canary Watch was a joint project, with EFF, Freedom of the Press Foundation, NYU Law, Calyx and the Berkman Center.</p>
<p class="western"><img src="/files/styles/medium/public/2016/05/23/canary-logo.png?itok=KWRkKWHM" width="220" height="220" alt="Canary Watch Logo" class="image-medium image-left" />Along the way, the project has been part of the massive popularization of the concept: we began with just eleven canaries listed, and now just a year later we have almost seventy. In the course of tracking those, we have learned many lessons about the different types of canaries that are present on the web, as well as what happens when a canary goes away.</p>
<p class="western">In that way, the Canary Watch project has been a major success, and we’ve decided that it has achieved the goals we set out for it. As of today we will no longer accept submissions of new canaries or monitor the existing canaries for changes or take downs.</p>
<p class="western">Transparency reports and warrant canaries have an important role to play in the fight against illegal and unconstitutional national security process, including National Security Letters and other secret court processes. We have not received any court orders or government requests to shut down the Canary Watch project. Rather, all of the members of the Canary Watch coalition have come to the agreement that the project has run its course and has come to a natural ending point.</p>
<p class="western">Over the course of the project, we have learned some things about the nature of canaries on the Web which are important for anyone working with warrant canaries or doing activism around them.</p>
<h2 class="western">The Number of Warrant Canaries Is Increasing</h2>
<p class="western">We started with eleven canaries; within four months that number grew to fifty; at the end of the project there were almost seventy warrant canaries in the Canary Watch database, with requests to add dozens more. In the last month the number of searches for warrant canaries grew by an order of magnitude. This is likely thanks in large part to the disappearance of reddit's warrant canary from their 2016 transparency report. The last year has, without a doubt, been a banner year for awareness of warrant canaries.</p>
<p class="western">
</p><p></p><div class="caption caption-center"><div class="caption-width-container"><div class="caption-inner"><img src="/files/2016/05/23/warrantcanaryinterest.png" width="689" height="282" alt="" title="" /><p class="caption-text">Search frequency for the term “Warrant canary” since 2007</p></div></div></div>
<h2 class="western">Warrant Canaries Provide Interesting, But Not Definitive Information</h2>
<p class="western">Since July of 2013 Pinterest has been publishing a warrant canary which simply read "National Security: 0" as a part of their quarterly <a href="https://help.pinterest.com/en/articles/transparency-report">transparency report</a>. In 2015, Pinterest's number of national security requests changed from 0 to 0-249, reported for January to June, and July to December (instead of quarterly). What prompted this move? Under <a href="https://www.law.cornell.edu/uscode/text/50/1874">the law</a>, a company that has received a national security request can report in bands of 250, starting at 0, semiannually. Thus, there is certainly the strong implication that Pinterest did receive a national security request, because it would have otherwise have continued to report 0.</p>
<p class="western">Yet, in our time working with Canary Watch we have seen many canaries go away and come back, fail to be updated, or disappear altogether along with the website that was hosting it. Until the gag orders accompanying national security requests are struck down as unconstitutional, there is no way to know for certain whether a canary change is a true indicator. Instead the reader is forced to rely on speculation and circumstantial evidence to decide what the meaning of a missing or changed canary is.</p>
<p class="western"></p>
<p></p>
<h2 class="western">Warrant Canaries Can Be Fickle</h2>
<p class="western">We also observed warrant canaries behaving in unexpected ways. Sometimes a canary would have subtle changes in language or grammar, which can be hard to interpret. Other canaries would regularly change what URL they were located at, and for others domains these URL changes were sudden and unexpected. Canaries often were not updated at all, or were updated several days or weeks late. Sometimes the warrant canary, along with the entire website would disappear without explanation or reason, and sometimes just the warrant canary would disappear and come back later, unchanged. All of this uncertainty caused numerous false alarms, which made it difficult to monitor warrant canaries. Additionally, this chaos served as a further demonstration of how difficult it is to interpret what it means when a warrant canary changes.</p>
<h2 class="western">Warrant Canaries Come In Many Shapes and Sizes</h2>
<p class="western">One of the most surprising things that we have learned over the course of the Canary Watch project is that almost every canary is unique. We have seen canaries that were in PDFs, plaintext, HTML, and even images. We have seen canaries that were integrated into the website banner and canaries which were only available on Github. We have seen canaries that are signed using GPG, canaries that are part of a transparency report, canaries that include the day's weather and top news headlines. We have seen canaries that are updated on a daily basis and canaries which are updated once per year. We have seen canaries that were created once and then never updated again. Again, the fact that canaries are non-standard makes it difficult to automatically monitor them for changes or takedowns.</p>
<p class="western">The major strides in our understanding about the nature and current status of warrant canaries and national security letters mean Canary Watch has definitely been a success. Moreover, it raised awareness and contributed to an important policy debate that is now well underway. In contrast to the uncertainty a year ago, it now seems that the Internet at large can offer robust and decentralized monitoring of warrant canaries; the rapid spread of the news when reddit’s canary disappeared is a testament to that fact.</p>
<p class="western">Finally we would like to give a huge thank you to our coalition partners on this project for the last year: The Calyx Institute, Freedom of the Press Foundation, The Berkman Center, and the NYU School of Law.</p>
</div></div></div>Wed, 25 May 2016 21:58:59 +000091770 at https://www.eff.orgAnnouncementNational Security LettersCooper QuintinRuling Unsealed: National Security Letters Upheld As Constitutionalhttps://www.eff.org/es/press/releases/ruling-unsealed-national-security-letters-upheld-constitutional
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">EFF Will Appeal to Protect First Amendment Rights</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>San Francisco - A federal judge has <a href="/document/redacted-order">unsealed</a> her ruling that National Security Letter (NSL) provisions in federal law—as amended by the USA FREEDOM Act—don’t violate the Constitution. The ruling allows the FBI to continue to issue the letters with accompanying gag orders that silence anyone from disclosing they have received an NSL, often for years. The Electronic Frontier Foundation (EFF) represents two service providers in challenging the <a href="/issues/national-security-letters">NSL</a> statutes, who will appeal this decision to the United States Court of Appeals for the Ninth Circuit.</p>
<p>“Our heroic clients want to talk about the NSLs they received from the government, but they’ve been gagged—one of them since 2011,” said EFF Deputy Executive Director Kurt Opsahl. “This government silencing means the service providers cannot issue open and honest transparency reports and can’t share their experiences as part of the ongoing public debate over NSLs and their potential for abuse. Despite this setback, we will take this fight to the appeals court, again, to combat USA FREEDOM’s unconstitutional NSL provisions.”</p>
<p>This long-running battle started in 2011, after one of EFF’s clients challenged an NSL and the gag order it received. In 2013, U.S. District Court Judge Susan Illston issued a <a href="/press/releases/national-security-letters-are-unconstitutional-federal-judge-rules">groundbreaking decision</a>, ruling that the NSL power was unconstitutional. However, the government appealed, and the Ninth Circuit found that changes made by the USA FREEDOM Act passed by Congress last year required a new review by the District Court.</p>
<p>In the decision unsealed this week, the District Court found that the USA FREEDOM Act sufficiently addressed the facial constitutional problems with the NSL law. However, she also ruled that the FBI had failed to provide a sufficient justification for one of our client’s challenges to the NSLs. After reviewing the government’s justification, the court found no “reasonable likelihood that disclosure … would result in danger to the national security of the United States,” or other asserted dangers, and prohibited the government from enforcing that gag. However, the client still cannot identify itself because the court stayed this portion of the decision pending appeal.</p>
<p>“We are extremely disappointed that the superficial changes in the NSL statutes were determined to be good enough to meet the requirements of the First Amendment,” said EFF Staff Attorney Andrew Crocker. “NSL recipients still can be gagged at the FBI’s say-so, without any procedural protections, time limits or judicial oversight. This is a prior restraint on free speech, and it’s unconstitutional.”</p>
<p>The NSL statutes have been highly controversial since their use was expanded under the USA PATRIOT Act. With an NSL, the FBI—on its own, without any judge’s approval—can issue a secret letter to communications service providers, requiring the service to turn over subscriber and other basic non-content information about their customers. The gag orders that the FBI routinely issues along with an NSL have hampered discussion and debate about the process.</p>
<p>For the full unsealed order:<br /><a href="https://www.eff.org/document/redacted-order">https://www.eff.org/document/redacted-order</a></p>
<p>For more on National Security Letters:<br /><a href="//www.eff.org/issues/national-security-letters"> https://www.eff.org/issues/national-security-letters</a></p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact:&nbsp;</div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile node--promoted view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Kurt</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Opsahl</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Deputy Executive Director and General Counsel</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:kurt@eff.org">kurt@eff.org</a></div></div></div> </div>
</div>
</div><div class="field__item odd"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Andrew</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Crocker</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:andrew@eff.org">andrew@eff.org</a></div></div></div> </div>
</div>
</div></div></div>Thu, 21 Apr 2016 16:37:00 +000091319 at https://www.eff.orgRebecca JeschkeJustice Delayed: Ninth Circuit Sends EFF’s NSL Cases Back for Consideration Under USA FREEDOMhttps://www.eff.org/es/deeplinks/2015/08/justice-delayed-ninth-circuit-sends-effs-nsl-cases-back-consideration-under-usa
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="MsoNormal">Often overlooked in discussions of the USA FREEDOM Act <a href="https://www.eff.org/deeplinks/2015/05/usa-freedom-act-passes-what-we-celebrate-what-we-mourn-and-where-we-go-here" target="_blank">passed</a> in June are the <a href="https://www.eff.org/deeplinks/2015/06/how-usa-freedom-impacts-ongoing-nsa-litigation">changes made to the National Security Letter (NSL) statute</a>. The law addresses some of the more obvious problems with NSLs but fails, by a long shot, to bring them up to the standard required by the U.S. Constitution. Most critically, USA FREEDOM did not fix the problem of overbroad, potentially eternal gag orders or the fact that the NSL statute relegates the court to little more than a rubber stamp.</p>
<p class="MsoNormal">Sadly, in a <a href="https://www.eff.org/document/9th-circuit-order-remanding-case" target="_blank">ruling</a> made public last week, the U.S. Court of Appeals for the Ninth Circuit in San Francisco used these minimal USA FREEDOM Act changes as cause for another delay in considering the constitutionality of NSLs in two of EFF’s <a href="https://www.eff.org/issues/national-security-letters">flagship cases</a>.</p>
<p class="MsoNormal">The result is that the gag orders, which have already muzzled our clients for several years, will continue into the foreseeable future. The gags have prevented our clients from participating fully in the debate around USA FREEDOM and will continue to prevent them from participating in the ongoing public debate about national security surveillance in general and NSLs in particular with the power and authority that comes from speaking as a recipient. </p>
<p class="MsoNormal">While we’re extremely disappointed, we will continue to push forward to get the gags lifted, allow our heroic clients to speak freely, and seek to have the NSL statute declared unconstitutional. </p>
<p class="MsoNormal"><b>What are NSLs and How Did USA FREEDOM (Not) Change Them?</b></p>
<p class="MsoNormal">The NSL statutes allow the government, based only on the FBI’s authority, to <a href="https://www.eff.org/issues/national-security-letters/faq">issue a secret letter to communications service providers</a>, including telephone and Internet services. The letter requires providers to turn over subscriber and other basic non-content information about their customers. No judge is involved.</p>
<p class="MsoNormal">If that weren’t bad enough, NSLs also allow the government to place a gag on the recipient providers, preventing them from telling their affected customers about the request, but also preventing them from telling the public that they’ve even received a letter. This prior restraint violates the First Amendment.</p>
<p class="MsoNormal"><b>EFF’s Heroic, Unnamed Clients</b></p>
<p class="MsoNormal">EFF currently <a href="https://www.eff.org/press/releases/media-alert-oral-arguments-effs-national-security-letter-case">represents two service providers</a> in First Amendment challenges to the statutes, which raise questions of the substance of the laws and also the incredibly overbroad gag provisions. One of our clients has now been gagged since 2011—over 4 years—from discussing even the fact that it received a letter; the other has been gagged for over 2 years.</p>
<p class="MsoNormal">EFF scored <a href="https://www.eff.org/press/releases/national-security-letters-are-unconstitutional-federal-judge-rules">a groundbreaking victory</a> against the unconstitutional NSLs in 2013. A federal district court here in San Francisco held that the NSL statutes were unconstitutional on several grounds, chiefly that they violate the First Amendment. The injunction was stayed pending appeal, and it seemed that the decision stood a good chance of being upheld after the appellate argument in October 2014 (<a href="http://www.ca9.uscourts.gov/media/view.php?pk_id=0000013407">audio</a>).</p>
<p class="MsoNormal">But then the executive branch asked Congress to include some superficial changes in USA FREEDOM. These changes basically codify parts of a procedure the FBI was already using after a previous ruling in New York, while not bringing its actual practices to the level required by the First Amendment.</p>
<p class="MsoNormal"><b>What Didn’t USA FREEDOM Do</b></p>
<p class="MsoNormal">USA FREEDOM did very little to the core of these statutes. As we <a href="https://www.eff.org/document/under-seals-supplemental-brief-re-usa-freedom-act">argued to the Ninth Circuit</a> after USA FREEDOM passed, the law still:</p>
<p class="MsoListParagraphCxSpFirst">· Creates a <i>prior restraint</i> on our clients that doesn’t follow the procedural protections created by the seminal Supreme Court case <a href="https://scholar.google.com/scholar_case?case=5133094020488688451&amp;q=freedman+v.+maryland&amp;hl=en&amp;as_sdt=2003"><i>Freedman v. Maryland</i></a>. Under <i>Freedman</i>, the First Amendment requires the government to seek prior judicial approval for a gag and requires a “prompt” decision by the court, a standard that has plainly been violated here by the years-long gag on our clients. While the law does require a so-called “reciprocal notice” practice—one that the government had already voluntarily adopted—even that procedure fails to meet constitutional standards. It still doesn’t require the government to seek judicial review first or limit the time frame for review. It also still gives the court very little leeway to review the government’s decision to issue a gag.</p>
<p class="MsoListParagraphCxSpMiddle">· Allows the government to gag recipients based upon the mere assertion that a harm “may result,” a boundless, subjective term rather than a showing that the gag is objectively and definitely “necessary” to prevent a harm.</p>
<p class="MsoListParagraphCxSpMiddle">· Authorizes overbroad, open-ended gags, preventing even a general statement that the recipient has received an NSL. Even under USA Freedom, there is no specific provision causing the gag to expire when any threat has ended, instead punting to the government to create new procedures for review “at appropriate intervals,” a term entirely defined by the government.</p>
<p class="MsoListParagraphCxSpLast">· Still allows the government to self-issue NSLs with no prior judicial review, in violation of the First and Fifth Amendments.</p>
<p class="MsoNormal">Even though EFF <a href="https://www.eff.org/deeplinks/2015/05/usa-freedom-act-passes-what-we-celebrate-what-we-mourn-and-where-we-go-here">was neutral on USA FREEDOM</a>, and even supported earlier versions, we were clear that the law did not do enough to reform the intelligence community. NSLs were one of the ways that the law fell short. Even so, the Ninth Circuit’s decision to delay a final decision in these cases is especially disappointing to us and to our clients. After years of intense litigation, our clients remain under an unconstitutional gag and, in a turn of events only Kafka could love, they were unable to participate in a meaningful way in the Congressional debate about whether they should be gagged. Their ongoing inability to speak despite congressional action is a testament to the necessity of applying the Constitution and ensuring speedy judicial review. Speedy or not, we’ll fight on.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/cases/re-matter-2011-national-security-letter">In re: National Security Letter 2011 (11-2173)</a></div><div class="field__item odd"><a href="/es/cases/re-national-security-letter-2013-13-80089">In re National Security Letter 2013 (13-80089)</a></div><div class="field__item even"><a href="/es/cases/re-national-security-letter-2013-13-1165">In re National Security Letter 2013 (13-1165)</a></div></div></div>Mon, 31 Aug 2015 15:48:50 +000087569 at https://www.eff.orgNational Security LettersNSA SpyingCindy CohnKurt OpsahlCanarywatch.org Reaches 50 Canaries With the Addition of First Look Mediahttps://www.eff.org/es/deeplinks/2015/06/canarywatchorg-reaches-50-canaries-addition-first-look-media
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>We’re excited to announce that <a href="https://canarywatch.org/">Canarywatch</a> has added its 50th canary: <a href="https://firstlook.org/canary">First Look Media</a>, the parent company for <i>The Intercept</i>—the news site created by journalists Glenn Greenwald, Laura Poitras, and Jeremy Scahill.</p>
<p>"Warrant canary" is a colloquial term for a regularly published statement that an internet service provider (ISP) has not received legal process that it would be prohibited from saying it had received, such as a <a href="https://www.eff.org/issues/national-security-letters">national security letter</a>.</p>
<p>Canarywatch.org is a collaboration between EFF, the<a href="http://cyber.law.harvard.edu/"> Berkman Center for Internet and Society,</a> New York University’s <a href="http://www.law.nyu.edu/academics/clinics/semester/technologylawandpolicy">Technology Law &amp; Policy Clinic</a>, and the <a href="https://calyxinstitute.org/">Calyx Institute</a>. The goal of <a href="https://www.eff.org/deeplinks/2015/01/eff-joins-coalition-launch-canarywatchorg">Canarywatch</a> is to educate people about warrant canaries, gather all the canaries we know of in one place, and help people with a special interest in canaries track them.</p>
<p>It’s been five months since Canarywatch launched, and since then the coalition has been inundated with submissions. The site initially launched with only 12 canaries. But since then, not only has Canarywatch had submissions of canaries we may not have known about, we’ve also seen some major sites, like <a href="http://blog.cheezburger.com/community/cheezburger-inc-2014-transparency-report/">Cheezburger.com</a> and <a href="https://www.defcon.org/html/links/dc-transparency.html">DEF CON</a> add canaries—some of them with direct references to Canarywatch.</p>
<p>First Look Media couldn’t be a more appropriate 50th canary. The publication launched last year with the <a href="https://firstlook.org/theintercept/about/">short-term goal</a> of “providing a platform to report on the documents previously provided by NSA whistleblower Edward Snowden.” The site even published a blog post entitled “<a href="https://firstlook.org/theintercept/2015/01/28/how-to-leak-to-the-intercept/">How to Leak to the Intercept</a>”, explaining how whistleblowers can use tools like Tor and SecureDrop. First Look has now taken the step of providing transparency of what national security requests the company has not received.</p>
<p>We’re thrilled that more and more companies are publishing canaries, and Canarywatch will keep adding them to the site as quickly as possible. If you know of a canary we’ve missed, please <a href="https://canarywatch.org/submission.html">let Canarywatch know</a> about it. If you’re an ISP considering publishing a canary or have received legal process, you can contact <a href="mailto:info@eff.org">info@eff.org</a> if you would like help finding counsel.</p>
</div></div></div>Wed, 03 Jun 2015 17:08:55 +000086197 at https://www.eff.orgCommentaryNational Security LettersDia KayyaliWhen Is a Justice Department Rule Not a Rule? Report From Twitter's Transparency Fight https://www.eff.org/es/deeplinks/2015/05/when-justice-department-rule-not-rule-report-recent-hearing-twitters-lawsuit
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>When is a government rule not a rule? Making that question difficult, when it should be simple, seems to be the government’s leading strategy in a hearing this week in <a target="_blank" href="https://g.twimg.com/blog/blog/attachments/Complaint.pdf">Twitter Inc.’s lawsuit</a> challenging the government’s squelching of its transparency report. Twitter wants to provide a closer look at how often federal agents are demanding private user data for surveillance, and part of its suit fights back against the government's rules on what it can and cannot publish. But the Justice Department has asked a federal judge in Oakland to dismiss portions of Twitter’s lawsuit because, it says, the rules the government cited in denying Twitter the ability to be more transparent aren’t really <i>rules</i>. They’re more like guidelines, the agency says. If you’re having flashbacks about ''Pirates of the Caribbean'' and a certain Captain Barbossa, you’re not alone. More on that later.</p>
<p><strong> Background</strong></p>
<p>Twitter filed its lawsuit in October, 2014, after it was <a target="_blank" href="https://blog.twitter.com/2014/continuing-our-fight-for-more-transparency">prohibited</a> from publishing a transparency report that would give its users a more complete picture of how many times the government—armed with orders from a secret court and the FBI—demanded customer information for national security surveillance. Specifically Twitter wanted to publish the actual aggregate number of spy agency data demands it received in the last half of 2014 and more precise information about the specific types of demands it got. The FBI said no, that information is classified. Importantly, the government said that the only way for Twitter to tell what was classified and what wasn't—in other words, the rules for what can be published and was cannot—was by reference to<a target="_blank" href="http://www.justice.gov/iso/opa/resources/366201412716018407143.pdf"> a letter </a>by the Justice Department Deputy Attorney General (DAG). That letter says that companies can only express the number of information demands they received in a ranges of 0 to 250 for aggregate national security requests.</p>
<p>The letter was sent to five technology companies that had sued over the right to publish information about national security requests. Twitter wasn’t a party in that case, but the government told Twitter that it was nonetheless limited by rules spelled out in the DAG letter.</p>
<p>In its lawsuit, Twitter argues that so sharply restricting what it can say about information of global public concern is a <a target="_blank" href="https://blog.twitter.com/2014/taking-the-fight-for-transparency-to-court">violation of free speech </a>rights, challenging the secrecy provisions of government Foreign Intelligence Surveillance Act (FISA) requests and FBI <a target="_blank" href="https://www.eff.org/issues/national-security-letters/faq">national security letters</a> (NSLs). EFF filed an <a target="_blank" href="https://www.eff.org/document/amicus-brief-26">amicus brief</a> in the case backing Twitter on behalf of two unnamed companies fighting the NSL gag provisions—a case before the United States Court of Appeals for the Ninth Circuit <a href="https://www.eff.org/cases/re-national-security-letter-2013-13-1165">right now</a>. The complaint also maintains that applying the DAG letter requirements to Twitter violates the Administrative Procedures Act (APA), <a target="_blank" href="http://www.archives.gov/federal-register/laws/administrative-procedure/">a law</a> that mandates federal agencies seek public comment and follow other procedures when making <i>rules </i>and permits courts to block regulations that were not properly promulgated.</p>
<p><strong>DOJ’s Strange Argument that Rules Aren’t Actually Rules</strong></p>
<p>That last claim was center stage at Wednesday's argument. The Justice Department lawyers asked<a target="_blank" href="http://www.cand.uscourts.gov/ygr"> U.S. District Judge Yvonne Gonzalez Rogers </a>in Oakland to throw out the APA challenge, saying the rules set forth in the DAG letter about what companies can disclose aren’t actually rules. They’re guidelines, said DOJ attorney Steven Bressler. He used an example of a portrait covered by a curtain and said that the DAG letter, far from being rules for Twitter, was merely a description of how the government had drawn the ''curtain back in part'' on otherwise classified information to let companies describe national security-related requests. But, he claimed, the DAG letter didn’t necessarily reflect the full amount of information that the law allowed to be revealed.</p>
<p>Gonzalez Rogers took issue with Bressler’s characterization, saying the DAG letter to tech companies established not mere guidelines, but a "protocol" defining ''specifically what they could do and how they could do it," indicating that to her, they sound quite a lot like rules. Bressler then said the DAG letter set forth a ''safe harbor,'' but that compliance with that letter wasn’t necessarily the only way one could comply with the law. ''Isn’t that exactly what it’s been used for now?" Gonzalez Rogers asked. Twitter sought to disclose information, ''and the response was—you cannot. See the DAG letter,'' Gonzalez Rogers said.</p>
<p>Why does the characterization of the DAG letter as a rule or just guidance matter? If Gonzalez Rogers decides that it’s a rule created without proper procedures and transparency, she should invalidate it. But if the Justice Department succeeds in convincing the court that the letter just sets out advisory guidelines and not enforceable rules, then there is nothing for Twitter to challenge—Twitter cannot challenge a mere suggestion made by the government. But the government could continue to use the letter as a way to coerce companies to not fully disclose the number of national security requests they receive, even though the First Amendment, and the NSA law itself, may permit them to disclose more. As the mythical Captain Barbossa said in ''Pirates of the Caribbean'' about keeping one’s word under the pirates’ code, ''<a target="_blank" href="http://piratesonline.wikia.com/wiki/Pirate%27s_Code">the code</a> is more what you’d call guidelines than actual rules."</p>
<p><strong>DOJ Says Send it to the Secret Court</strong></p>
<p>In addition to the ''rules are not rules'' argument, the Justice Department also asked Gonzalez Rogers to defer ruling on many of Twitter’s claims to the Washington-based Foreign Intelligence Surveillance Court or <a target="_blank" href="http://www.fisc.uscourts.gov/">FISC</a>. This is the secret court that was originally designed to merely approve individual surveillance orders in national security cases. The government’s argument is that since the laws that the government is using to gag it are generally applied by the FISC in the context of specific orders, the court should make Twitter go to the FISC to ask for relief from the gags. The problem with this argument is that, for purposes of this case, there is no evidence that Twitter is actually subject to any secret FISC orders—the government wants the court to defer to the secret court because such order <i>might </i>exist, despite the clear law providing that the secret court does not have the exclusive right to interpret the law applicable in national security cases. </p>
<p>Google and four other companies filed petitions with the FISC in 2013 for permission to publish more details about national security-related requests, which led to the DAG letter. DOJ lawyer Julia Berman told Gonzalez Rogers that no other party challenging a FISC order had filed suit in district court. The judge responded by saying courts are ''on relatively new ground in these cases,'' and asked whether the FISC, a court of very limited jurisdiction that almost always <a target="_blank" href="http://www.motherjones.com/mojo/2013/06/fisa-court-nsa-spying-opinion-reject-request">sides </a>with the government, had ever issued an opinion on broad First Amendment rights. It hadn’t, Berman said, which was the first time we’ve ever heard the government admit that the FISC has never really grappled broadly with the First Amendment issues raised by the national security gags.</p>
<p><strong>DOJ Says Dismiss Because It Might Win EFF’s NSL Case</strong></p>
<p>Finally, the government sought to have Twitter’s claim about the NSL gag provisions dismissed now, despite the Ninth Circuit’s <a target="_blank" href="https://www.eff.org/press/releases/media-alert-oral-arguments-effs-national-security-letter-case">pending consideration</a> of those provisions, because the Ninth Circuit <i>might</i> reverse the landmark ruling that EFF obtained that the NSL statutes are unconstitutional. Twitter argued, rightly, that the court need not take any action to dismiss claims on the off chance that another decision by a sister court will be reversed.</p>
<p>Gonzalez Rogers didn’t say when she’ll rule on the Twitter case. We hope she’ll find that the DAG letter is a rule, it’s invalid, and that Twitter’s challenge to the government’s unconstitutional restraint on free speech and transparency can proceed. </p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/cases/twitter-v-holder">Twitter v. Holder</a></div></div></div>Fri, 08 May 2015 21:02:17 +000085802 at https://www.eff.orgPrivacyNational Security LettersNSA SpyingKaren GulloEFF Joins Coalition to Launch Canarywatch.orghttps://www.eff.org/es/deeplinks/2015/01/eff-joins-coalition-launch-canarywatchorg
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>"Warrant canary" is a colloquial term for a regularly published statement that an internet service provider (ISP) has not received legal process that it would be prohibited from saying it had received, such as a <a href="https://www.eff.org/issues/national-security-letters">national security letter</a>. The term "warrant canary" is a reference to the <a href="http://en.wikipedia.org/wiki/Animal_sentinel">canaries</a> used to provide warnings in coalmines, which would become sick from carbon monoxide poisoning before the miners would—warning of the otherwise-invisible danger. Just like canaries in a coalmine, the canaries on web pages “die” when they are exposed to something toxic—like a secret FISA court order.</p>
<p><a href="https://canarywatch.org/" title="canarywatch.org" target="_blank"><img src="/files/2015/02/02/canary-watch-graphic.png" width="326" height="197" alt="" class="image-right" /></a>Warrant canaries rely upon the legal theory of compelled speech. Compelled speech happens when a person is forced by the government to make expressive statements they do not want to make. Fortunately, the First Amendment protects against compelled speech in most circumstances. In fact, we’re not aware of any case where a court has upheld compelled false speech. Thus, a service provider could argue that, when its statement about the legal process received is no longer true, it cannot be compelled to reissue the now false statement, and can, instead, remain silent. So far, no court has addressed this issue.</p>
<p>But if you’re not paying attention to a specific canary, you may never know when it changes. Plenty of providers don’t have warrant canaries. Those that do may not make them obvious. And when warrant canaries do change, it’s not always immediately obvious what that change means.</p>
<p>That’s why EFF has joined with a coalition of organizations, including the<a href="http://cyber.law.harvard.edu/"> Berkman Center for Internet and Society,</a> New York University’s <a href="http://www.law.nyu.edu/academics/clinics/semester/technologylawandpolicy">Technology Law &amp; Policy Clinic</a>, and the <a href="https://calyx.net/">Calyx Institute</a> to launch <a href="https://www.canarywatch.org/">Canarywatch.org.</a> The Calyx Institute runs and hosts Canarywatch.org.</p>
<p>Canarywatch lists the warrant canaries we know about, tracks changes or disappearances of those canaries, and allows users to <a href="https://www.canarywatch.org/submission.html">submit canaries</a> not listed on the site. For people with interest in a particular canary, the site will show any changes we know about. The page’s <a href="https://www.canarywatch.org/faq.html">FAQ</a> explains the mechanics and legal theories underpinning warrant canaries. It also has an <a href="https://www.canarywatch.org/about.html#anatomy">anatomy of a canary</a> that, since canaries come in so many different forms, helps anyone understand what they’re seeing when they look at a particular canary.</p>
<p>Warrant canaries are a unique tool ISPs have to provide users with more transparency about the government requests they do, and do not, receive. We hope the site will educate, improve the usefulness of warrant canaries for the general public, and help people with a special interest in canaries track them.</p>
</div></div></div>Mon, 02 Feb 2015 20:04:54 +000084332 at https://www.eff.orgNational Security LettersNSA SpyingDia KayyaliMore Time in the Spotlight for NSLs : 2014 in Reviewhttps://www.eff.org/es/deeplinks/2014/12/2014-national-security-letters-spotlight
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="MsoNormal"><a href="https://www.eff.org/deeplinks/2014/11/2014-year-review"><img src="/files/2014/12/19/2014-year-review.jpg" alt="" class="image-right" height="242" width="461" /></a>Last year, EFF took a <a href="https://www.eff.org/deeplinks/2013/12/2013-review-eff-convinces-court-declare-national-secruity-letters-unconstitutional">huge step</a> toward eliminating a highly problematic government surveillance tool—<a href="https://www.eff.org/issues/national-security-letters">national security letters</a> (NSLs). EFF clients won a major victory when a district court found that the NSL gag provision, which allows the government to bar recipients from speaking about NSLs without judicial review, is a prior restraint on speech in violation of the First Amendment. 2014 was a year of critical next steps and increasing attention for these often overlooked—but <a href="https://www.eff.org/deeplinks/2014/10/two-reports-about-fbis-use-national-security-letters-reissued">heavily used</a> (and sometimes <a href="https://www.eff.org/deeplinks/2008/04/eff-issues-report-abuse-national-security-letter">abused</a>)—tools.</p>
<p>On October 8, 2014, the United States Court of Appeals for the Ninth Circuit heard oral <a href="http://www.ca9.uscourts.gov/media/view.php?pk_id=0000013407">argument</a> in the government's appeal of the district court’s 2013 <a href="https://www.eff.org/press/releases/national-security-letters-are-unconstitutional-federal-judge-rules">decision</a>. At argument, the court asked whether this gag order would bar recipients such as EFF’s clients from engaging in political debate about NSL reform. In contrast to its earlier position, the government responded to the court's question by claiming that NSL recipients can lobby Congress, thereby implicitly acknowledging that they have received an NSL. However, after EFF pressed the government on this inconsistency, the government sent a letter to the court <a href="https://www.eff.org/deeplinks/2014/11/unsealed-filing-shows-doj-misled-appeals-court-about-national-security-letter-gag">retracting</a> this statement—and conceding that the gag order extends to all discussion that might indicate receipt. </p>
<p>The limitations on what Internet companies can say about NSLs they receive were at the heart of another important NSL development. On January 27, the Deputy Attorney General sent a <a href="https://www.eff.org/document/deputy-attorney-general-transparency-reporting-letter">letter</a> to Google, Yahoo, Microsoft, LinkedIn, and Facebook that outlined two options for increased transparency reporting in response to actions these companies brought in the Foreign Intelligence Surveillance Court (FISC). The letter allows reporting about national security requests—including NSLs—in broad numerical bands. Neither of the options allows providers to definitively state that they have received zero NSLs.</p>
<p>Twitter didn't think this was good enough. On October 7, the <a href="https://blog.twitter.com/2014/taking-the-fight-for-transparency-to-court">company sued</a> the Department of Justice and the FBI, asking a federal court to declare it had the right to publish details about national security requests it did or didn't receive. Although Twitter wasn't a party to the companies’ FISC action, the government told Twitter it was bound by the terms of the Deputy Attorney General’s letter. Twitter’s <a href="https://g.twimg.com/blog/blog/attachments/Complaint.pdf">complaint</a> argues that it shouldn’t be bound by a settlement it wasn’t a party to, and asks the court to rule that NSL gag orders and judicial review procedures are unconstitutional.</p>
<p>Just this month, Nicholas Merrill, who ran an ISP called Calyx Internet Access, filed an <a href="http://isp.yale.edu/sites/default/files/page-attachments/merrill_v._holder_-_file-stamped_complaint.pdf">action</a> to finally dissolve the gag order tied to an NSL he received in 2004. Merrill previous challenge to NSLs resulted in a <a href="https://www.eff.org/deeplinks/2008/12/second-circuit-rules-against-national-security-let">decision</a> by the Second Circuit partially invalidating the NSL statute. But ten years later, he remains gagged about some elements of the NSL he received, even after the FBI’s investigation has been closed.</p>
<p>Finally, legislative reform of NSLs unfortunately wasn’t on the agenda for 2014. The USA Freedom Act, which <a href="https://www.eff.org/deeplinks/2014/11/eff-statement-senate-advancing-usa-freedom-act">died</a> in the Senate on November 8, included <a href="https://www.eff.org/deeplinks/2014/07/new-senate-usa-freedom-act-first-step-towards-reforming-mass-surveillance">small changes</a> to the statutes that govern NSLs. But those changes would have amounted to little more than the status quo. The legislation improved some judicial review procedures, and ensured NSLs wouldn’t be used for bulk collection, but it wouldn’t have cured the unconstitutionality of the NSL statute.</p>
<p>In 2015, we'll continue to spread awareness of NSLs and fight for accountability and oversight in the NSL process. To keep updated on what’s happening, check out our NSL <a href="https://www.eff.org/issues/national-security-letters">timeline</a>.</p>
<p class="MsoNormal">This article is part of our <em>Year In Review</em> series; <a href="https://www.eff.org/deeplinks/2014/11/2014-year-review">read other articles</a> about the fight for digital rights in 2014. Like what you're reading? EFF is a member-supported nonprofit, powered by donations from individuals around the world. <a href="https://eff.org/last-call">Join us today</a> and defend free speech, privacy, and innovation.</p>
</div></div></div>Fri, 26 Dec 2014 12:00:00 +000083668 at https://www.eff.orgNational Security LettersAndrew CrockerDia KayyaliUnsealed Filing Shows DOJ Misled Appeals Court About National Security Letter Gag Orders https://www.eff.org/es/deeplinks/2014/11/unsealed-filing-shows-doj-misled-appeals-court-about-national-security-letter-gag
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>A <a href="https://www.eff.org/document/governments-letter-re-misstatement-oral-argument">court filing</a> unsealed late Wednesday shows that the U.S. Department of Justice (DOJ) made a highly misleading argument to an appeals court in October during a hearing on the constitutionality of National Security Letters (NSLs).</p>
<p>On October 8, the Electronic Frontier Foundation <a href="https://www.eff.org/press/releases/media-alert-oral-arguments-effs-national-security-letter-case">argued</a> before the United States Court of Appeals for the Ninth Circuit that provisions in the USA PATRIOT Act that prohibit service providers from discussing NSLs they may have received violates the First Amendment. During the hearing, the judges’ questioning addressed concerns that the government is using its NSL authority to stifle recipients’ constitutionally protected right to comment on the government’s actions. But DOJ Attorney Douglas Letter countered that these companies are free to discuss the “quality” of NSLs letter they received from the FBI—a claim that contradicted the government’s prior position and turned out not to be true.</p>
<p>Following the hearing, EFF’s clients requested that the DOJ reconcile the statement Letter made to the court with the department’s longstanding contention that companies could not discuss having received NSLs at all. In response, the DOJ filed <a href="https://www.eff.org/document/governments-letter-re-misstatement-oral-argument">a letter</a> with the court admitting that Letter’s statements were incorrect, reaffirming its position that the broad gag includes any statement about the NSLs they have received. The DOJ also apologized to the court.</p>
<p>EFF Legal Director Cindy Cohn issued the following statement in response to the retraction:</p>
<blockquote><p>EFF’s clients have consistently challenged the indiscriminate use of gag orders in combination with National Security Letters. In particular, they have challenged the government’s contention that NSL recipients can’t even use their experiences receiving overbroad NSLs to push for reform in Congress or in the broader public debate. This is especially the case now that the USA FREEDOM Act, which has some limited NSL reform, is going to be discussed in the Senate.</p>
<p>At the oral argument, the judges were very concerned that the government is using its NSL authority to stifle recipients’ constitutionally protected right to comment on the government’s actions. We were surprised to hear, in response to those concerns, the government retreat from its position that the NSLs gags prevent recipients from talking about "very fact of having received" an NSL.</p>
<p>When we wrote to the government asking if this new position meant that our clients could indeed talk about the quality of the NSLs they have received, the government retracted its statements to the court and apologized. But it's troubling that we had to raise the issue before the government addressed it and that it seems the government was willing to let the court believe that the gag was narrower than it actually is in order to win the case.</p></blockquote>
<p>EFF represents two companies challenging NSLs—a telecom company and an Internet company. The names of these companies remain under seal, as the government continues to insist that even identifying them might endanger national security. In March 2013 a federal district court judge in San Francisco agreed with EFF and <a href="https://www.eff.org/press/releases/national-security-letters-are-unconstitutional-federal-judge-rules">ruled</a> the NSL provisions unconstitutional, barring future NSLs and accompanying gag orders. That ruling was stayed pending appeal, however, and the district court has subsequently enforced separate NSLs—including NSLs issued to both EFF clients—and indicates that it will continue to do so until the Ninth Circuit rules on EFF’s challenges.</p>
<p>Here's what Doug Letter originally told the court (mp3 available <a href="http://cdn.ca9.uscourts.gov/datastore/media/2014/10/08/13-15957.mp3">here</a>):</p>
<blockquote><p>There is a category that the deputy attorney general provided that recipients can make disclosures and there is a category of 0-249 so recipients can disclose that. They’re allowed to disclose within these bands. And they can fully participate in the public debate, they can say as we have disclosed we’re in that band 0-249 and it can say the very things that [EFF Senior Staff Attorney Kurt Opsahl] said they can’t. They can say and we think the government is asking for too much in many of the NSLs we received and we want to talk to our fellow recipients and see if they too have felt that there’s too much and we think Congress ought to do something about that. They can do all of that. There’s nothing that says that they can’t comment, they’re allowed to make specific comments about quantity, there’s absolutely no ban on them commenting on the quality of those they’ve received.</p></blockquote>
<p>Here's an excerpt from the subsequent retraction:</p>
<blockquote><p>In the course of discussing disclosures described in this letter, approximately 49 minutes into the Court's recording of the argument, government counsel indicated that if a company discloses that it is in one of these two bands starting with zero, it could publicly discuss the fact that it had received one or more NSLs and could discuss the quality of the specific NSL(s) that it had received. That suggestion was mistaken. The district court correctly noted that “the NSL nondisclosure provisions . . . apply, without distinction, to both the content of the NSLs and to the very fact of having received one."</p></blockquote>
<p>For the full text of the Justice Department's letter:</p>
<p><a href="https://www.eff.org/document/governments-letter-re-misstatement-oral-argument">https://www.eff.org/document/governments-letter-re-misstatement-oral-argument</a></p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/issues/foia/07656JDB">National Security Letters (NSLs)</a></div><div class="field__item odd"><a href="/es/cases/re-matter-2011-national-security-letter">In re: National Security Letter 2011 (11-2173)</a></div><div class="field__item even"><a href="/es/cases/re-national-security-letter-2013-13-80089">In re National Security Letter 2013 (13-80089)</a></div><div class="field__item odd"><a href="/es/cases/re-national-security-letter-2013-13-1165">In re National Security Letter 2013 (13-1165)</a></div></div></div>Thu, 13 Nov 2014 20:49:28 +000083154 at https://www.eff.orgNews UpdateNational Security LettersTransparencyDave MaassTwo Reports About FBI's Use of National Security Letters Reissued https://www.eff.org/es/deeplinks/2014/10/two-reports-about-fbis-use-national-security-letters-reissued
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Even the reports that are supposed to provide transparency about the FBI's use of <a href="//www.eff.org/issues/national-security-letters/">national security lettters</a> (NSLs) are secret—or at least a couple dozen pages of them are. NSLs are nonjudicial orders that allow the FBI to obtain information from companies, without a warrant, about their customers’ use of services. They almost always contain a gag order, which prohibits recipients from even saying they've received the request.</p>
<p>Two Office of the Inspector General (OIG) reports reviewing the FBI's use of NSLs from 2007 and 2008 were reissued earlier this week after having portions declassified. You can see the newly released versions of the 2007 report <a href="https://www.eff.org/document/reissued-2007-oig-report-nsls">here</a> and the 2008 report <a href="https://www.eff.org/document/reissued-2008-report-nsls">here</a>.</p>
<p>Charlie Savage at the New York Times has <a href="http://www.nytimes.com/interactive/2014/10/24/us/23-FBI-NSL-FOIA.html?_r=0">reviewed </a>and <a href="http://www.nytimes.com/interactive/2014/10/22/us/23-FBI-NSL-FOIA-2.html">listed</a> the changes. Some of them make sense. For example, one portion of the 2007 report masked references to a "Virginia Jihad network," which might have been redacted because of an ongoing investigation. But some of the previously classified portions are less explicable, such as the classification of the percentage of requests done under particular statutes. It's unclear what purpose keeping that number secret serves. What is clear is that excessive classification and redaction continue to get in the way of <a href="https://www.eff.org/issues/national-security-letters/faq#40">much-needed transparency</a> around NSLs.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/issues/foia/07656JDB">National Security Letters (NSLs)</a></div><div class="field__item odd"><a href="/es/cases/re-matter-2011-national-security-letter">In re: National Security Letter 2011 (11-2173)</a></div><div class="field__item even"><a href="/es/cases/re-national-security-letter-2013-13-80089">In re National Security Letter 2013 (13-80089)</a></div><div class="field__item odd"><a href="/es/cases/re-national-security-letter-2013-13-1165">In re National Security Letter 2013 (13-1165)</a></div></div></div>Fri, 24 Oct 2014 17:58:43 +000082835 at https://www.eff.orgNational Security LettersTransparencyDia KayyaliEFF Response to FBI Director Comey's Speech on Encryptionhttps://www.eff.org/es/deeplinks/2014/10/eff-response-fbi-director-comeys-speech-encryption
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>FBI Director James Comey <a href="http://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course">gave a speech</a> yesterday reiterating the FBI's nearly twenty-year-old talking points about why it wants to reduce the security in your devices, rather than help you increase it. Here's EFF's response:</p>
<p>The FBI should not be in the business of trying to convince companies to offer less security to their customers. It should be doing just the opposite. But that's what Comey is proposing—undoing a clear legal protection we fought hard for in the 1990s.<a class="see-footnote" id="footnoteref1_ldj4ghk" title=" Here's the relevant part of CALEA that Comey wants to effectively undo: &quot;47 USC 1002(b)(3): A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.&quot; Also from the CALEA legislative history: &quot;Finally, telecommunications carriers have no responsibility to decrypt encrypted communications that are the subject of court-ordered wiretaps, unless the carrier provided the encryption and can decrypt it. This obligation is consistent with the obligation to furnish all necessary assistance under 18 U.S.C. Section 2518(4). Nothing in this paragraph would prohibit a carrier from deploying an encryption service for which it does not retain the ability to decrypt communications for law enforcement access ... Nothing in the bill is intended to limit or otherwise prevent the use of any type of encryption within the United States. Nor does the Committee intend this bill to be in any way a precursor to any kind of ban or limitation on encryption technology. To the contrary, section 2602 protects the right to use encryption.&quot; H/T Chris Soghoian: http://paranoia.dubfire.net/2010/09/calea-and-encryption.html" href="#footnote1_ldj4ghk">1</a> The law specifically ensures that a company is <strong>not </strong>required to essentially become an agent of the FBI rather than serving your security and privacy interests. Congress rightly decided that companies (and free and open source projects and anyone else building our tools) should be allowed to provide us with the tools to lock our digital information up just as strongly as we can lock up our physical goods. That's what Comey wants to undo.</p>
<p>It's telling that his remarks echo so closely the arguments of that era. Compare them, for example, with this comment from former FBI Director Louis Freeh in May of 1995, now nearly twenty years ago:</p>
<blockquote><p>[W]e're in favor of strong encryption, robust encryption. The country needs it, industry needs it. We just want to make sure we have a trap door and key under some judge's authority where we can get there if somebody is planning a crime.</p></blockquote>
<p>Now just as then, the FBI is trying to convince the world that some fantasy version of security is possible—where "good guys" can have a back door or extra key to your home but bad guys could never use it. Anyone with even a rudimentary understanding of security can tell you <a href="https://www.schneier.com/blog/archives/2014/10/iphone_encrypti_1.html">that's just not true</a>. So the "debate" Comey calls for is phony, and we suspect he knows it. Instead, Comey wants everybody to have weak security, so that when the FBI decides somebody is a "bad guy," it has no problem collecting personal data.</p>
<p>That's bad science, it's bad law, it's bad for companies serving a global marketplace that may not think the FBI is always a "good guy," and it's bad for every person who wants to be sure that their data is as protected as possible—whether from ordinary criminals hacking into their email provider, rogue governments tracking them for politically organizing, or competing companies looking for their trade secrets. </p>
<p>Perhaps Comey's speech is saber rattling. Maybe it's an attempt to persuade the American people that we've undertaken significant reforms in light of the Snowden revelations—the U.S. government has not—and that it's time for the "pendulum" to swing back. Or maybe by putting this issue in play, the FBI may hope to draw our eyes away from, say, its attempt to water down the <a href="https://www.eff.org/deeplinks/2013/11/floor-not-ceiling-supporting-usa-freedom-act-step-towards-less-surveillance">National Security Letter reform</a> that Congress is considering. It's difficult to tell.</p>
<p>But if the FBI gets its way and convinces Congress to change the law, or even if it convinces companies like Apple that make our tools and hold our data to weaken the security they offer to us, we'll all end up less secure and enjoying less privacy. Or as the Fourth Amendment puts it: we'll be be less "secure in our papers and effects."</p>
<p>For more on EFF's coverage of the "new" Crypto Wars, read this <a href="https://news.vice.com/article/what-default-phone-encryption-really-means-for-law-enforcement">article focusing on the security issues</a> we wrote last week in Vice. And going back even earlier, a <a href="https://www.eff.org/deeplinks/2014/09/nine-epic-failures-regulating-cryptography">broader update</a> to a piece we wrote in 2010, which itself was was based on our fights in the 90s. If the FBI wants to try to resurrect this old debate, EFF will be in strong opposition, just as we were 20 years ago. That's because—just like 20 years ago—the Internet needs more, not less, strong encryption.</p>
<ul class="footnotes"><li class="footnote" id="footnote1_ldj4ghk"><a class="footnote-label" href="#footnoteref1_ldj4ghk">1.</a> Here's the relevant part of CALEA that Comey wants to effectively undo: "47 USC 1002(b)(3): A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication." Also from the CALEA legislative history: "Finally, telecommunications carriers have no responsibility to decrypt encrypted communications that are the subject of court-ordered wiretaps, unless the carrier provided the encryption and can decrypt it. This obligation is consistent with the obligation to furnish all necessary assistance under 18 U.S.C. Section 2518(4). Nothing in this paragraph would prohibit a carrier from deploying an encryption service for which it does not retain the ability to decrypt communications for law enforcement access ... Nothing in the bill is intended to limit or otherwise prevent the use of any type of encryption within the United States. Nor does the Committee intend this bill to be in any way a precursor to any kind of ban or limitation on encryption technology. To the contrary, section 2602 protects the right to use encryption." H/T Chris Soghoian: <a href="http://paranoia.dubfire.net/2010/09/calea-and-encryption.html">http://paranoia.dubfire.net/2010/09/calea-and-encryption.html</a></li>
</ul></div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/cases/bernstein-v-us-dept-justice">Bernstein v. US Department of Justice</a></div></div></div>Fri, 17 Oct 2014 19:33:23 +000082749 at https://www.eff.orgCommentaryPrivacyCALEAEncrypting the WebLaw Enforcement AccessNational Security LettersSecurityCindy CohnMedia Alert: Oral Arguments in EFF’s National Security Letter Casehttps://www.eff.org/es/press/releases/media-alert-oral-arguments-effs-national-security-letter-case
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Ninth Circuit Court of Appeals to Stream October 8 Hearing on Key Patriot Act Tool</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><em>Update: The court announced early Wednesday that it will not livestream the audio of the NSL case. Audio available here http://www.ca9.uscourts.gov/media/view.php?pk_id=0000013407.<br /></em></p>
<p>San Francisco, CA - The Electronic Frontier Foundation (EFF) will urge a federal appeals court next week to uphold a groundbreaking ruling that the National Security Letter (NSL) provisions of the USA Patriot Act are unconstitutional. The hearing is set for 9 a.m. on October 8 in San Francisco.</p>
<p>Months before Edward Snowden kicked off the international debate over electronic surveillance, EFF scored a major victory when a federal judge ordered the FBI to cease its practice of issuing NSLs—demands to telecommunication providers to provide information about their users that are not approved in advance by a judge.</p>
<p>The lower court found that the gag orders, which are almost always issued by the FBI in tandem with the NSLs, violate the First Amendment. In EFF's cases, these gag orders have forced EFF's clients to keep their identities hidden, preventing them from discussing the NSLs publicly or even revealing their involvement in this case. The court also found that the limited, after-the-fact judicial review procedures violate the separation of powers.</p>
<p>EFF Senior Staff Attorney Kurt Opsahl will deliver oral arguments at the hearing at the United States Court of Appeals for the Ninth Circuit. Audio of the arguments will be live streamed through the court's website. The identity of the clients will not be disclosed in Wednesday's hearing.</p>
<p>What: Oral Arguments in Under Seal v. Eric Holder, Jr. (consolidated cases)</p>
<p>Who: EFF Senior Staff Attorney Kurt Opsahl</p>
<p>When: 9 a.m. PT, Oct. 8, 2014</p>
<p>Where: James R. Browning Courthouse, Courtroom 4<br />
95 7th Street<br />
San Francisco, CA</p>
<p>Opsahl will be available for interviews at the courthouse immediately after the hearing.</p>
<p>Applications to bring a camera into the courtroom must be submitted by the close of business on Friday, Oct. 3. Details at: <a href="http://www.ca9.uscourts.gov/news_media/">http://www.ca9.uscourts.gov/news_media/ </a></p>
<p>Live oral arguments will be streamed at:<br /><a href="http://www.ca9.uscourts.gov/media/view_video.php?pk_vid=0000006581">http://www.ca9.uscourts.gov/media/view_video.php?pk_vid=0000006581</a></p>
<p>For EFF's briefs:<br /><a href="https://www.eff.org/files/2014/03/27/nsl.13-15957.13-16731.secondoffourbriefs.redacted.0320141.pdf">https://www.eff.org/files/2014/03/27/nsl.13-15957.13-16731.secondoffourbriefs.redacted.0320141.pdf </a></p>
<p><a href="https://www.eff.org/files/2014/07/08/casesqw.reply_.brief_.redacted.pdf">https://www.eff.org/files/2014/07/08/casesqw.reply_.brief_.redacted.pdf </a></p>
<p>For more on NSLs, visit our NSL Frequently Asked Questions page:<br /><a href="https://www.eff.org/issues/national-security-letters/faq%20">https://www.eff.org/issues/national-security-letters/faq </a></p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact:&nbsp;</div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Dave</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Maass</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Senior Investigative Researcher</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:dm@eff.org">dm@eff.org</a></div></div></div> </div>
</div>
</div></div></div>Thu, 02 Oct 2014 20:07:26 +000082513 at https://www.eff.orgDave MaassUnderstanding the New USA FREEDOM Act: Questions, Concerns, and EFF’s Decision to Support the Billhttps://www.eff.org/es/deeplinks/2014/08/understanding-new-usa-freedom-act-questions-concerns-and-effs-decision-support
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Ever since the Snowden revelations, honest (and <a href="https://www.eff.org/deeplinks/2014/04/nsa-reform-bill-intelligence-community-written-intelligence-community-and">some dishonest</a>) efforts have been made in Congress to try to scale back at least some of the NSA’s spying. It’s a complex problem, since the NSA has overstepped reasonable bounds in so many different directions and there is intense secrecy surrounding the NSA’s activities and legal analysis.</p>
<p>The bill with the best chance to make some positive change currently is the Senate version of USA FREEDOM Act, a <a href="https://www.eff.org/deeplinks/2014/07/new-senate-usa-freedom-act-first-step-towards-reforming-mass-surveillance">new piece of legislation</a> with an older name.</p>
<p>After extensive analysis and internal discussion, EFF has decided to support this bill. But given the complexities involved, we wanted to lay out our thinking in more detail for our friends and allies.</p>
<p>Senator Leahy introduced S. 2685, the USA FREEDOM Act of 2014, last week. It’s clearly a vast improvement over the version of the bill that passed out of the House.<a class="see-footnote" id="footnoteref1_72apbsw" title="Some background may be helpful here: When USA FREEDOM was originally introduced in October of 2013, EFF called it a floor, not a ceiling. We supported the bill, but cautioned that it was just a first step towards NSA spying reform and still had some problematic pieces. But we were hopeful because it had bipartisan support in both the House and the Senate. Most importantly, we believed that it could start to address intelligence agency overreach. Unfortunately, months later, a drastically altered bill was introduced as a manager’s amendment in the House of Representatives. We made it clear that this bill, the result of political compromises, never earned our support. It passed out of the House as H.R. 3361. The current Senate version of USA FREEDOM is not as strong as the original version, but far stronger than what passed out of the House." href="#footnote1_72apbsw">1</a> It would also be an improvement over current law.</p>
<p>But it still has problems, some of which are inherent in any attempt to legislate in the shadow of national security. Specifically, we’ve seen the NSA and the <a href="http://www.intelligence.gov/mission/member-agencies.html">intelligence community</a> twist common words into tortured and unlikely interpretations to try to excuse their surveillance practices. We’re worried that, for all its good intentions, the bill may leave room for the intelligence community to continue to do so. Due to the secretive nature of surveillance, it will be difficult to ensure the intelligence community is not abusing its powers. And finally, this bill is a compromise between those who seek to reform the NSA and those who want to defend the status quo. Those compromises often fell short of what we’d hope for in comprehensive NSA reform.</p>
<p><b>Bad Faith Interpretations of the Bill’s Language</b></p>
<p>We now know that the NSA plays <a href="https://www.eff.org/deeplinks/2013/08/guide-deceptions-word-games-obfuscations-officials-use-mislead-public-about-nsa">word games</a> when it comes to interpreting the Foreign Intelligence Surveillance Act (FISA) and the Constitution. Words like “<a href="https://www.eff.org/deeplinks/2014/07/deeper-dive-effs-backbone-motion">collect</a>” and “target” have meanings for the NSA that no ordinary person would use. Words like “relevant” have been stretched far beyond any reasonable interpretation. </p>
<p>The new USA FREEDOM Act is also vulnerable to this kind of misuse. The language has wiggle room and ambiguity in places that we tried to get rid of, and failed. It also likely has language that can be misused that we haven’t yet recognized. While the clear intent of the bill is to end bulk collection of call detail records and bring more transparency to the NSA, the government could attempt to argue in bad faith that the bill does not require either.</p>
<p>Folks have begun pointing out where this is possible and we think this effort should continue. Specifically, <a href="http://www.washingtonpost.com/blogs/monkey-cage/wp/2014/05/27/the-nsa-freedom-act/">some have emphasized</a> that the bill only has extra restrictions for “daily” call record collection, like the collection the government currently does. They’ve argued that this means that the government can continue bulk collection if it simply crafts its request for call detail records, say, on a weekly or yearly basis. This interpretation of the legislation doesn’t take into account the additional restrictions imposed on any requests not made under the new language, but it’s still concerning.</p>
<p>Others have pointed out that the government can still get a second set of call detail records (a second “hop”) if there’s a “direct connection” to the first specific selection term. But the term “direct connection” is undefined. <a href="http://www.emptywheel.net/2014/07/28/improved-usa-freedom-retains-connection-chaining-and-foreign-intelligence-retention/">Some have noted</a> that the government could interpret “direct connection” to include the physical proximity of two mobile devices, or being in someone’s address book, since both might be called “direct”—yet the bill is trying to stop that sort of surveillance by association.</p>
<p>While we do believe that the intent of the bill is to disallow either of these scenarios, some additional clarity in the language would really help here, especially given the secrecy discussed below.</p>
<p>We hope the entire community of people concerned about mass surveillance will join us in poring over this bill and helping to identify other areas where additional clarity is needed.</p>
<p><b>Secrecy May Still Undermine Accountability </b></p>
<p>We’ve only gotten this far in ensuring that ordinary people know how pervasive surveillance really is due to whistleblowers like <a href="https://www.eff.org/files/filenode/att/presskit/ATT_onepager.pdf">Mark Klein</a>, William Binney, Thomas Drake, J. Kirk Wiebe, Edward Snowden and countless anonymous whistleblowers, as well as the tenacious efforts of litigators under the <a href="https://www.eff.org/deeplinks/2014/03/sunshine-week-recap-how-effs-foia-litigation-helped-expose-nsas-domestic-spying">Freedom of Information Act</a>. Intelligence agencies like the NSA and FBI have fought hard to maintain as much secrecy as possible, only opening up when cornered. </p>
<p>While there is significant new transparency required by the USA FREEDOM Act, much will remain secret, and some of those secrets may undermine our ability to know whether the bill has actually achieved the reform it is aimed at. Some government secrecy in national security investigations may be merited of course, but even 20 years ago, Senator Daniel Moynihan <a href="https://en.wikipedia.org/wiki/Moynihan_Commission_on_Government_Secrecy">documented</a> the problems arising from the government’s rampant overclassification.</p>
<p>Even after USA FREEDOM, the FISA Court (FISC) will continue to approve requests <a href="https://www.eff.org/deeplinks/2014/04/in-one-sided-foreign-intelligence-surveillance-court-its-hard-to-get-whole-story">in secret</a>. While we are pleased that the bill creates a panel of special advocates to argue for civil liberties in the FISC, <a href="http://thehill.com/blogs/congress-blog/judicial/213137-fixing-what-ails-the-fisa">more is needed</a>—and even these advocates have limitations. For example, the advocate role is limited and advocates can only be appointed upon the government’s approval. In addition, special advocates have security clearance restrictions—an opportunity for the executive branch to block an advocate by denying a clearance or arguing an advocate doesn’t have adequate clearance to access certain documents. Perhaps most concerning, the intelligence community will continue to determine what legal interpretations by the FISC will be made public.</p>
<p>By its very nature, national security law is hard to assess because of the secrecy that surrounds it. USA FREEDOM is no exception.</p>
<p><b>Compromises in the USA FREEDOM Act</b></p>
<p>This bill is a first step. And it’s a small step because Senator Leahy’s goal was to introduce something that had a real chance of passing this Congress and not getting vetoed by President Obama.</p>
<p>Some of the compromises in this bill are obvious. It does less than the original USA FREEDOM. It doesn’t simply outlaw bulk collection, as EFF has <a href="https://www.eff.org/deeplinks/2013/10/nsa-spying-congress-stop-intelligence-committee-and-what-watch-upcoming-bills">long advised</a>. It doesn’t give the Privacy and Civil Liberties Oversight Board subpoena authority. It has special advocate and declassification provisions that will help transparency, but they aren’t as strong as the original USA FREEDOM Act. It doesn’t address bulk Internet collection under Section 702 of the FISA Amendments Act substantively at all and it pushes out the sunset date on Section 215 from 2015 to 2017, when the FISA Amendments Act is scheduled to sunset.</p>
<p>But some of the compromises in the bill are less apparent, especially if you haven’t been poring over NSA spying legislation. We are also particularly concerned with how the bill deals with the FBI. The FBI is exempt from Section 702 reporting, and the bill appears to provide a path for the FBI to get permanent gag orders in connection with <a href="https://www.eff.org/issues/national-security-letters">national security letters</a>. </p>
<p><b>Why We Support the Bill, Even with Our Concerns</b></p>
<p>Despite these concerns, EFF supports the USA FREEDOM Act as a first step in spying reform. We believe it ensures that the government will be collecting less information about innocent people, that it creates an independent voice to argue for privacy in the FISA Court, and that it will provide modest transparency improvements that will assist in accountability. The second and third of those would not be possible through litigation alone. </p>
<p>What’s more, we believe that this bill will help move comprehensive reform forward. It will show that the growing global community concerned about mass surveillance can band together and get legislation passed. We know that the original Foreign Intelligence Surveillance Act was not enacted until 1978, three <a href="https://www.eff.org/nsa-spying/timeline">years after the Church Committee</a> was formed. We are in this for the long haul.</p>
<p>Some wonder why we’d support legislation when we have litigation proceeding against Section 215 call records surveillance that could be sent back for further review if the law passes. While we’re very confident in our case, litigation is a long process and we’ve seen that progress in the courts can be undermined by subsequent legislation— our original case against AT&amp;T was killed by Congress when it passed the FISA Amendments Act. So if we can end the telephone records collection in Congress, it may be a more lasting win. </p>
<p>Finally, there is value in Congress reacting to the <a href="https://www.eff.org/deeplinks/2013/10/polls-continue-show-majority-americans-against-nsa-spying">clear consensus</a>: Americans of all political stripes think the NSA has gone too far—they do not support indiscriminate surveillance. Congress is where that political consensus should be expressed.</p>
<p><b>Your Support</b></p>
<p>This post lays out why we decided to support USA Freedom, and also many of our concerns. We made our decision based on the current version and we will not hesitate to pull our support if the bill gets watered down. </p>
<p>But we also support efforts of the community to raise these or other concerns and push Congress to clarify and plug the holes. Since Congress is in recess we have a month to go before this has any chance of getting to the floor, and we’ll be continuing to scour the bill with a fine-toothed comb. We look forward to assistance. We also respect those who have decided that they cannot support this bill without further changes, even significant ones.</p>
<p>In the meantime, if you agree with us that USA FREEDOM is a reasonable first step in the long project of surveillance reform, <a href="https://standagainstspying.org/scorecard/">find out</a> where your representatives stand and let them know what you think by <a href="https://standagainstspying.org/">tweeting at them</a>, <a href="https://act.eff.org/action/end-the-nsa-s-mass-spying">sending an email</a>, or even <a href="https://www.eff.org/deeplinks/2014/08/one-way-stand-against-spying-meet-legislator">setting up an in-district meeting</a> over the Congressional recess.</p>
<ul class="footnotes"><li class="footnote" id="footnote1_72apbsw"><a class="footnote-label" href="#footnoteref1_72apbsw">1.</a> Some background may be helpful here: When USA FREEDOM was originally introduced in October of 2013, EFF called it a floor, not a ceiling. We supported the bill, but cautioned that it was just a first step towards NSA spying reform and still had some problematic pieces. But we were hopeful because it had bipartisan support in both the House and the Senate. Most importantly, we believed that it could start to address intelligence agency overreach.
<p>Unfortunately, months later, a drastically altered bill was introduced as a manager’s amendment in the House of Representatives. We made it clear that this bill, the result of political compromises, never earned our support. It passed out of the House as H.R. 3361. The current Senate version of USA FREEDOM is not as strong as the original version, but far stronger than what passed out of the House.</p></li>
</ul></div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/cases/jewel">Jewel v. NSA</a></div><div class="field__item odd"><a href="/es/cases/first-unitarian-church-los-angeles-v-nsa">First Unitarian Church of Los Angeles v. NSA</a></div></div></div>Thu, 07 Aug 2014 19:30:23 +000081716 at https://www.eff.orgNational Security LettersNSA SpyingPATRIOT ActCindy CohnDia KayyaliWarrant Canary Frequently Asked Questionshttps://www.eff.org/es/deeplinks/2014/04/warrant-canary-faq
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="MsoNormal"><b><img src="/files/2014/04/10/canary-1-sq.png" width="265" height="265" alt="" class="image-right" />What is a warrant canary?</b></p>
<p class="MsoNormal">A warrant canary is a colloquial term for a regularly published statement that a service provider has <b>not</b> received legal process that it would be prohibited from saying it had received. Once a service provider does receive legal process, the speech prohibition goes into place, and the canary statement is removed.</p>
<p class="MsoNormal">Warrant canaries are often provided in conjunction with a transparency report, listing the process the service provider can publicly say it received over the course of a particular time period. The canary is a reference to the <a href="http://en.wikipedia.org/wiki/Animal_sentinel">canaries</a> used to provide warnings in coalmines, which would become sick before miners from carbon monoxide poisoning, warning of the danger. </p>
<p class="MsoNormal"><b>How might a warrant canary work in practice?</b></p>
<p class="MsoNormal">An ISP might issue a semi-annual transparency report, stating that it had not received any national security letters in the six month period. NSLs come with a gag, which purports to prevent the recipient from saying it has received one. (While a federal court has ruled that <a href="https://www.eff.org/deeplinks/2013/03/depth-judge-illstons-remarkable-order-striking-down-nsl-statute">the NSL gag is unconstitutional</a>, that order is currently stayed pending the government’s appeal). When the ISP issues a subsequent transparency report without that statement, the reader may infer from the silence that the ISP has now received an NSL.</p>
<p class="MsoNormal"><b>Why would an ISP want to publish a warrant canary?</b></p>
<p class="MsoNormal">“<em>Sunlight is said to be the best of disinfectants</em>.” – <a href="https://en.wikipedia.org/wiki/Louis_Brandeis">Justice Louis D. Brandeis</a>.</p>
<p class="MsoNormal">We are in a time of unprecedented public debate over the government’s powers to secretly obtain information about people. The revelations about the massive NSA bulk surveillance program have raised serious questions about whether these powers are necessary, legal and constitutional. Secret surveillance violates not only the privacy interests of the account holder, but the speech interests of ISPs who wish to participate in these public debates.</p>
<p class="MsoNormal"><b>Why should we care about publicizing secret legal process like national security letters?</b></p>
<p class="MsoNormal">As part of the reauthorization of the Patriot Act in 2006, Congress directed the DOJ Inspector General to investigate and report on the FBI’s use of NSLs. In three reports issued between <a href="http://www.usdoj.gov/oig/special/s0703b/final.pdf">2007</a>, <a href="http://www.usdoj.gov/oig/special/s0703b/final.pdf">2008</a> and <a href="http://www.justice.gov/oig/special/s1001r.pdf">2010</a>, the IG documented the agency’s systematic and extensive misuse of NSLs.</p>
<p class="MsoNormal">The reports showed that between 2003 and 2006, the FBI’s intelligence violations included improperly authorized NSLs, factual misstatements in the NSLs, improper requests under NSL statutes, and unauthorized information collection through NSLs. The FBI’s improper practices included requests for information based on First Amendment protected activity.</p>
<p class="MsoNormal">In December 2013, the President’s Review Group on Intelligence and Communications Technologies <a href="http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf">recommended</a> public reporting—both by the government and NSL recipients—of the number of requests made, the type of information produced, and the number of individuals whose records have been requested.</p>
<p class="MsoNormal">As discussed below, NSLs are just one type of gagged legal process. Similar <a href="http://www.washingtonpost.com/world/national-security/nsa-broke-privacy-rules-thousands-of-times-per-year-audit-finds/2013/08/15/3310e554-05ca-11e3-a07f-49ddc7417125_story.html">problems persist</a> in other forms of secret process.</p>
<p class="MsoNormal"><b>Is it legal to publish a warrant canary?</b></p>
<p class="MsoNormal">There is no law that prohibits a service provider from reporting all the legal processes that it has <b>not</b> received. The gag order only attaches after the ISP has been served with the gagged legal process. Nor is publishing a warrant canary an obstruction of justice, since this intent is not to harm the judicial process, but rather to engage in a public conversation about the extent of government investigatory powers.</p>
<p class="MsoNormal"><b>What are some of the gagged legal processes that an ISP might receive?</b></p>
<p class="MsoNormal">An ISP may be gagged from stating it has received any one of several types of national security letters, orders from the Foreign Intelligence Surveillance Court (like the Section 215 orders used for the bulk call records program and the Section 702 orders used for the NSA’s PRISM program), or even an ordinary subpoena when accompanied by a gag order pursuant to the Electronic Communication Privacy Act. The government has issued hundreds of thousands of these gagged legal requests, but very few have ever seen the light of day. </p>
<p class="MsoNormal"><b>What does the government say is permissible for recipients of gagged legal process?</b></p>
<p class="MsoNormal">The government <a href="http://www.justice.gov/iso/opa/resources/366201412716018407143.pdf">allows</a> ISPs to report receipt of gagged legal process in ranges of 1000, starting at 0, for six-month periods. So if an ISP received 654 NSLs, it could report 0-999. If the companies choose to report FISC requests and NSL requests combined, they can use ranges of 250, again starting at 0. For example, Apple reported receiving 0-249 national security requests in the first half of 2013 and AT&amp;T reported 0-999 content FISC orders, 0-999 non-content FISC orders and 2000-2999 NSLs for the same period. </p>
<p class="MsoNormal">While the government-approved ranges all start at zero, publication of a range indicates that the ISP has received at least one, as otherwise the ISP would have no obligation to follow the government’s formula. </p>
<p class="MsoNormal">In contrast to the government-approved ranges, warrant canaries can be much more specific, making the it easier to determine what sort of legal process an ISP has been served with.</p>
<p class="MsoNormal"><b>What’s the legal theory behind warrant canaries?</b></p>
<p class="MsoNormal">The First Amendment protects against compelled speech. For example, a court held that the New Hampshire state government could not require its citizens to have “Live Free or Die” on their license plates. While the government may be able to compel silence through a gag order, it may not be able to compel an ISP to lie by falsely stating that it has not received legal process when in fact it has. </p>
<p class="MsoNormal"><b>Have courts upheld compelled speech?</b></p>
<p class="MsoNormal">Rarely. In a few instances, the courts have upheld compelled speech in the commercial context, where the government shows that the compelled statements convey important truthful information to consumers. For example, warnings on cigarette packs are a form of compelled commercial speech that have sometimes been upheld, and sometimes struck down, depending on whether the government shows there is a rational basis for the warning.</p>
<p class="MsoNormal"><b>Have courts upheld compelled false speech?</b></p>
<p class="MsoNormal">No, and the cases on compelled speech have tended to rely on truth as a minimum requirement. For example, Planned Parenthood challenged a requirement that physicians tell patients seeking abortions of an increased risk of suicidal ideation. The court found that Planned Parenthood did not meet its burden of showing that the disclosure was untruthful, misleading, or not relevant to the patient’s decision to have an abortion.</p>
<p class="MsoNormal"><b>Are there any cases upholding warrant canaries?</b></p>
<p class="MsoNormal">Not yet. EFF believes that warrant canaries are legal, and the government should not be able to compel a lie. To borrow a phrase from <a href="http://books.google.com/books?id=o6rFno1ffQoC&amp;lpg=PA215&amp;ots=Qyg9IdLg2_&amp;dq=quote%20%22no%20one%20can%20guar%C2%ADan%C2%ADtee%20suc%C2%ADcess%20in%20war%2C%20but%20only%20deserve%20it%22&amp;pg=PA215#v=onepage&amp;q=quote%20%22no%20one%20can%20guar%C2%ADan%C2%ADtee%20suc%C2%ADcess%20in%20war,%20but%20only%20deserve%20it%22&amp;f=false">Winston Churchill</a>, no one can guarantee success in litigation, but only deserve it.</p>
<p class="MsoNormal"><b>What should an ISP do if the warrant canary is triggered?</b></p>
<p class="MsoNormal">If an ISP with a warrant canary receives gagged legal process, it should obtain legal counsel and go to a court for a determination that it cannot be required to publish false information. While some ISPs may be tempted to engage in civil disobedience, EFF believes that it is better to present the issue to a court, to help establish a precedent. If you run an ISP with a warrant canary and receive gagged legal process, contact <a href="mailto:info@eff.org">info@eff.org</a> if you would like help finding counsel. </p>
<p class="MsoNormal"><b>How often should an ISP publish the warrant canary?</b></p>
<p class="MsoNormal">Various ISPs have published canaries on a wide range of schedules. To allow time to file a case and for the court to rule on the important legal questions, we suggest at least few months between the transparency report and the time period covered.</p>
<p class="MsoNormal"><b>Who has issued warrant canaries?</b></p>
<p class="MsoNormal">A number of service providers have issued warrant canaries, including:</p>
<ul><li><a href="http://images.apple.com/pr/pdf/131105reportongovinforequests3.pdf">Apple</a> (“Apple has never received an order under Section 215 of the USA Patriot Act.”)</li>
<li><a href="http://electricembers.coop/about-us/privacy-policy/">Electric Embers</a> ("<span>Since our beginnings in 2003, we have received and complied with 0 (zero) government requests for information.")</span></li>
<li><a href="http://www.espionageapp.com/">Espionageapp.com</a> (“We have not placed any backdoors into our software and have not received any requests for doing so. Pay close attention to any modifications to the previous sentence, and verify the signature of this "watch zone" by viewing the page source. Our public GPG key can be found using this ID: A884B988”)</li>
<li><a href="https://www.lookout.com/transparency/report-2013">Lookout</a> (“Furthermore, as of the date of this report, Lookout has not received a national security order and we have not been required by a FISA court to keep any secrets that are not in this transparency report.”)</li>
<li><a href="http://www.magusnet.com/canary.html">MagusNet</a> (picture of a warrant canary with the statement, “No Warrants. No Searches, No Seizures [sic] at Magus Net, LLC.”)</li>
<li><a href="http://blog.pinterest.com/post/78882077135/our-first-transparency-report">Pinterest</a>. (“National security: 0”)</li>
<li><a href="https://help.riseup.net/canary">Rise Up</a> (“<span>Riseup has not received any National Security Letters or FISA court orders, and we have not been subject to any gag order by a FISA court</span>.”)</li>
<li><a href="http://www.rsync.net/resources/notices/canary.txt">Rsync.net</a> (“No warrants have ever been served to rsync.net, or rsync.net principals or employees. No searches or seizures of any kind have ever been performed on rsync.net assets . . . .”)</li>
<li><a href="http://transparency.tumblr.com/tagged/national-security-issues">Tumblr</a> (“As of the date of publication of this report, we have never received a National Security Letter, FISA order, or any other classified request for user information.”)</li>
<li><a href="http://www.vilain.com/wp/">Vilain</a> (“THE FBI HAS NOT BEEN HERE (watch very closely for the removal of this sign).”)</li>
<li><a href="https://www.mywickr.com/en/downloads/Wickr_Transparency_Report_12.20.pdf">Wickr</a> (“As of the date of this report, Wickr has not been required by a FISA request to keep any secrets that are not in this transparency report as part of a national security order.”)</li>
</ul><p><em>Update April 21, 2014: Updated link and quote for Rise Up's policy, added Electric Embers.</em></p>
</div></div></div>Thu, 10 Apr 2014 19:09:38 +000079865 at https://www.eff.orgLegal AnalysisPrivacyNational Security LettersNSA SpyingPATRIOT ActKurt OpsahlAn NSA "Reform Bill" of the Intelligence Community, Written by the Intelligence Community, and for the Intelligence Communityhttps://www.eff.org/es/deeplinks/2014/04/nsa-reform-bill-intelligence-community-written-intelligence-community-and
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Representatives Mike Rogers and Dutch Ruppersberger, the leaders of the House Intelligence Committee, introduced <a href="https://web.archive.org/web/20140330205444/http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/FISAmar2514asintroduced.pdf">HR 4291, the FISA Transparency and Modernization Act</a> (.pdf), to end the collection of all Americans' calling records using <a href="https://www.eff.org/document/215-one-pager-adv">Section 215 of the Patriot Act</a>. Both <a href="https://web.archive.org/web/20140330205730/http://www.pbs.org/newshour/bb/government_programs-july-dec13-surveillance1_10-29/">have</a> <a href="https://web.archive.org/web/20131029221617/http://www.huffingtonpost.com/2013/10/27/mike-rogers-nsa-surveillance_n_4167901.html">vehemently</a> <a href="https://web.archive.org/web/20131028053535/http://www.reuters.com/article/2013/10/27/us-usa-security-idUSBRE99Q07E20131027">defended</a> the program since June, and it's reassuring to see two of the strongest proponents of NSA's actions agreeing with privacy advocates' (and the <a href="https://www.eff.org/deeplinks/2013/10/polls-continue-show-majority-americans-against-nsa-spying">larger</a> <a href="https://www.eff.org/deeplinks/2013/06/multiple-new-polls-show-americans-reject-wholesale-nsa-domestic-spying">public's</a>) demands to end the program. The bill only needs 17 lines to stop the calling records program, but it weighs in at more than 40 pages. Why? Because the “reform” bill tries to create <i>an entirely new government "authority" to collect other electronic data</i>.<i> </i></p>
<p><b>Collecting All Americans' Calling Records Is So 2012</b></p>
<p>The bill only ends the government collection of all Americans' calling records using Section 215 of the Patriot Act—a good, albeit very small, first step. It also tries to prohibit the mass collection of other records like firearm sales and tax records. Unfortunately, it may still allow the government to argue for such collection as long as the NSA uses a "specific identifier or selection term." In short: the government may still try to search these records, and potentially other records. The bill leaves almost all of Section 215 as-is; the sole fix being that the section would no longer apply to calling records. The bill also stays mum on the NSA's ability to mass spy on financial records, credit card records, or other purchasing records using Section 215.</p>
<p><b>Collecting All Americans' Internet Records Is the Future</b></p>
<p>The next twenty pages of the bill create a process where the government sends orders directed at electronic communication service providers for the collection of "records created as a result of communications of an individual or facility."</p>
<p>The words simply switch out one form of unconstitutional mass collection for another. And this latter version is even scarier than the mass collection of Americans' calling records. A "facility" could include an entire Internet Service Provider (ISP) like Comcast, or company like "Google." And the bill's use of "electronic communication" doesn't use the definition <a href="http://www.law.cornell.edu/uscode/text/50/1801">found in the Foreign Intelligence Surveillance Act (FISA)</a>, but the one <a href="http://www.law.cornell.edu/uscode/text/18/2510">found in criminal law,</a> which includes any transfer of data like uploaded documents to the cloud, calendar entries, or address book entries. Under the bill, the government might try to argue that the order can collect <em>any</em> type of record created as the result of <em>any</em> "electronic communication" as long as the communication is of an agent of a foreign power or someone in contact with the agent or foreign power. This is an incredibly broad standard.</p>
<p>What's worse is that the order doesn't need prior judicial approval of who is targeted, where the information is supposed to be collected, and why the government is searching for the information. The new order could collect the content of the communication or US personal information like credit card numbers, social security numbers, names, or addresses. That's because the order must only be "reasonably designed" to not acquire such information. There is no mandate in the bill banning such collection or deleting such information upon collection.</p>
<p>The new order' has "civil liberties and privacy protection procedures," written by the Attorney General and the Director of National Intelligence. But don't let the name fool you. The procedures only have to "reasonably limit" the collection, retention, or searching of records not useful for foreign intelligence information. It's too bad that "foreign intelligence information" is essentially defined in FISA to mean "<a href="https://www.eff.org/deeplinks/2013/11/nsas-surveillance-powers-extend-far-beyond-terrorism-despite-governments">everything</a>." The procedures are reviewed every year by the FISA Court, and once accepted, the government sends out orders to companies for records without any additional judicial approval.</p>
<p>The above procedures to minimize certain information ("minimization procedures") take after ones found in <a href="https://www.eff.org/document/702-one-pager-adv">Section 702 of the Foreign Intelligence Surveillance Amendments Act</a>, which is used to unconstitutionally mass collect innocent users' phone calls and emails. Unfortunately, the procedures in Section 702 fail at even nominally protecting innocent users communications. Section 702 <a href="http://www.law.cornell.edu/uscode/text/50/1881a">requires</a> the procedures to be "reasonably designed" to exclude wholly domestic American communications. Despite the fact that the FISA Court found the NSA collecting tens of thousands of such emails, the Court <a href="https://www.eff.org/deeplinks/2013/09/government-releases-nsa-surveillance-docs-and-previously-secret-fisa-court">thought</a> NSA's targeting procedures were still "reasonable." We also know that the procedures fail <a href="https://www.eff.org/deeplinks/2013/09/gems-mined-nsa-docs-released-today">time</a> <a href="https://www.eff.org/deeplinks/2013/06/recently-revealed-nsa-procedures-likely-ones-found-unconstitutional-fisa-court">after time</a> and are designed to <i>retain and search </i>the very communications the NSA isn't supposed to be retaining and searching. Both are good reasons to think such procedures won't work for the bill's newly devised order. We won't even know how much they fail (or succeed) because the procedures are filed in secret and stamped classified. Keeping the law secret <a href="https://web.archive.org/web/form-submit.jsp?url=http%3A%2F%2Fwww.thedailybeast.com%2Farticles%2F2014%2F02%2F17%2Fspy-chief-we-should-ve-told-you-we-track-your-calls.html&amp;type=replay&amp;date=20140307162056">worked out well in the past</a>, so it should work out well in the future, right?</p>
<p>The bill is what's expected from the House Intelligence Committee. The committee was created to oversee the intelligence community, but it has been coopted for quite some time. Though it stops the mass collection of all Americans' calling records, the bill's creation of a new order to conduct unconstitutional mass spying on <i>any record created by a communication</i> is disturbing. And it's a bill that will surely fail to pass Congress when real reform bills that would stop all uses of Section 215 to conduct mass spying, like the <a href="https://www.eff.org/deeplinks/2013/11/floor-not-ceiling-supporting-usa-freedom-act-step-towards-less-surveillance">USA Freedom Act</a>, are already on the table. <a target="_self" href="https://stopwatching.us/?r=eff">Tell Congress now</a> to support NSA reform that will stop every government use of Section 215 to mass spy on innocent users.</p>
</div></div></div>Wed, 02 Apr 2014 16:39:13 +000079726 at https://www.eff.orgNational Security LettersNSA SpyingSecurityLee TienEFF Fights National Security Letter Demands on Behalf of Telecom, Internet Companyhttps://www.eff.org/es/press/releases/eff-fights-national-security-letter-demands-behalf-telecom-internet-company
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Legal Briefings Still Under Seal After Government Demands for Secrecy</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>San Francisco - The Electronic Frontier Foundation (EFF) filed two briefs on Friday challenging secret government demands for information known as National Security Letters (NSLs) with the Ninth Circuit Court of Appeals.<span> </span>The briefs—one filed on behalf of a telecom company and another for an Internet company—remain under seal because the government continues to insist that even identifying the companies involved might endanger national security.<span> </span></p>
<p class="MsoNormal">While the facts surrounding the specific companies and the NSLs they are challenging cannot be disclosed, their legal positions are already public: the NSL statute is a violation of the First Amendment as well as the constitutional separation of powers.</p>
<p class="MsoNormal">“The NSL statute allows the FBI to demand potentially protected information without any court oversight,” EFF Senior Staff Attorney Matt Zimmerman said.<span> </span>“Furthermore, it permits the FBI to independently gag recipients so that NSL recipients like our clients have no ability to notify their customers or the public that any demands were made, let alone that they went to court to stop them.<span> </span>Our clients strongly desire to bring their unique perspectives to the ongoing national discussion on intrusive government spying, and they have timely and relevant information to contribute to that debate. However, the FBI’s unconstitutional NSL authority prevents these companies from exercising their rights and taking part in this critically important conversation.”</p>
<p class="MsoNormal">In <a href="https://www.eff.org/deeplinks/2013/03/depth-judge-illstons-remarkable-order-striking-down-nsl-statute">March 2013</a> a federal district court judge in San Francisco agreed with EFF and ruled the NSL provisions unconstitutional, barring future NSLs and accompanying gag orders. <span> </span>That ruling was stayed pending appeal, however, and the district court has subsequently enforced separate NSLs—including NSLs issued to both EFF clients—and indicates that it will continue to do so until the Ninth Circuit rules on EFF’s challenges.<span> </span></p>
<p class="MsoNormal">“The fight over NSLs and the government’s dangerous practice of bypassing meaningful review by the judicial branch is not an academic one—real people and real companies are involved, battling for their constitutional rights and the rights of their users,” Zimmerman said.<span> </span>“The district court was right: the First Amendment prevents the FBI from engaging in such invasive, secretive, and unaccountable activities.<span> </span>We are eager to explain to the Court of Appeals why it should come to the same conclusion.”</p>
<p class="MsoNormal">EFF also recently re-launched its Frequently Asked Questions page on National Security Letters. Read it at: <a href="https://www.eff.org/issues/national-security-letters-faq">https://www.eff.org/issues/national-security-letters-faq</a></p>
<p class="MsoNormal">For more on the National Security Letter cases: <a href="https://www.eff.org/cases/re-matter-2011-national-security-letter">https://www.eff.org/cases/re-matter-2011-national-security-letter</a></p>
<p>Contact:</p>
<p>Matt Zimmerman<br />
Senior Staff Attorney<br />
Electronic Frontier Foundation<br />
<a href="mailto:mattz@eff.org">mattz@eff.org</a></p>
</div></div></div>Mon, 03 Mar 2014 12:45:08 +000079162 at https://www.eff.orgDave MaassPete Seeger and the NSAhttps://www.eff.org/es/deeplinks/2014/02/pete-seeger-and-nsa
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><blockquote><p><em> "I am not going to answer any questions as to my association, my philosophical beliefs, or how I voted in any election, or any of these private affairs. I think these are very improper questions for any American to be asked, especially under such compulsion as this."</em></p>
<p><em>Pete Seeger, 1955, <a href="http://www.peteseeger.net/HUAC.htm">testimony pursuant to subpoena before the House Un-American Activities Committee</a>.</em> </p></blockquote>
<p><img class="align-right" src="/files/2014/02/02/pete-seeger.png" alt="" height="347" width="300" />The world lost a clear, strong voice for peace, justice, and community with <a href="http://www.nytimes.com/2014/01/29/arts/music/pete-seeger-songwriter-and-champion-of-folk-music-dies-at-94.html">the death of singer and activist Pete Seeger</a> last week. While Seeger was known as an outspoken musician not shy about airing his political opinions, it’s also important to remember he was once persecuted for those opinions, despite breaking no law. And the telling of this story should give pause to those who claim to be unconcerned about the government's metadata seizure and search programs that reveal our associations to the government today. <span></span></p>
<p>In 1955, Seeger was called before the House Un-American Activities Committee, where he defiantly refused to answer questions about others who he associated with and who shared his political beliefs and associations, believing Congress was violating his First Amendment rights. He was especially concerned about revealing his associations:</p>
<blockquote><p><em>I will be glad to tell what songs I have ever sung, because singing is my business. . . . But I decline to say who has ever listened to them, who has written them, or other people who have sung them.</em></p></blockquote>
<p>But if the same thing were to happen today, a Congressional subpoena and a public hearing wouldn’t be necessary for the government to learn all of our associations and other "private affairs." Since the NSA has been collecting and keeping them, they could just get that same information from their own storehouses of our records.</p>
<p>According to the Constitution, the government is supposed to meet a high standard before collecting this private information about our associations, especially the political ones that the Congressmen were demanding of Seeger. For instance, under the First Amendment, it must <a href="https://www.eff.org/cases/first-unitarian-church-los-angeles-v-nsa#legal-tests">“serve compelling state interests, unrelated to the suppression of ideas, that cannot be achieved through means significantly less restrictive of associational freedoms.”</a></p>
<p>It doesn't matter whether the government wants associations to look for possibly "illegal" activities of civil rights activists, Communist sympathizers, anarchists, trade unionists, war resisters, gun rights activists, environmental activists, drug legalization advocates, or wants to go after legitimate criminals and potential terrorists, if the government can't justify the collection of this "metadata" on this "strict scrutiny" standard, they’re not allowed to collect any of it. Yet right now, they collect <em>all</em> of it.</p>
<p>We're still learning of all the ways the government is able to track our associations without anything like the due process and standards required by the First and Fourth Amendments, but it is the centerpiece of the NSA's mass telephone records collection program under Patriot Act section 215, which EFF is fighting with our <a href="https://www.eff.org/cases/first-unitarian-church-los-angeles-v-nsa">First Unitarian Church v. NSA</a> case that focuses on the right of association. Our lead client, the First Unitarian Church of Los Angeles, had its own role in resisting the House Un-American Activities Committee. It's also part and parcel of the mass collection of content and metadata of people all around the world under section 702 of the FISA Amendments Act. And it's a real concern even if the companies hold the data, as we've seen with the FBI's self-certified <a href="https://www.eff.org/cases/re-matter-2011-national-security-letter">National Security Letters</a> and the <a href="https://www.eff.org/document/diaz-rivera-amicus-brief">Hemisphere</a> program, where AT&amp;T employees are embedded in government investigations so that they can more readily search through our phone records for the FBI, the DEA and others.</p>
<p>Each of these programs effectively allows the government to do to you what Pete Seeger refused to let them do to him—track your associations, beliefs and other private affairs without proper legal protections. And they can do this at scale that was unimaginable in 1955, thanks to the digital nature of our communications, the digital tools that allow them to search automatically rather than by hand and the fact that so much more about these private affairs is in the hands of third parties like our phone and internet companies.</p>
<p>While Seeger escaped jail, he was convicted of contempt for his failure to answer these questions. Thankfully Joseph McCarthy and the Un-American Activities Committees were later widely condemned, and Americans understandably look back sadly and with embarrassment on time when the Committee forced Americans to reveal their own associations, along with the associations and beliefs of others. With the passing of moral and artistic heroes like Seeger, we should redouble our efforts to make sure that our "private affairs" remain safe and the government's ability to access them remains subject to careful controls.</p>
<p>Join us on February 11 for the <a href="https://thedaywefightback.org/">day we fight back</a> against mass surveillance. </p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/issues/foia/07656JDB">National Security Letters (NSLs)</a></div><div class="field__item odd"><a href="/es/cases/jewel">Jewel v. NSA</a></div><div class="field__item even"><a href="/es/cases/first-unitarian-church-los-angeles-v-nsa">First Unitarian Church of Los Angeles v. NSA</a></div></div></div>Sun, 02 Feb 2014 01:21:48 +000078678 at https://www.eff.orgCommentaryFree SpeechNational Security LettersNSA SpyingTransparencyCindy CohnNew Decision Shows How Businesses Can Challenge Warrantless Records Collection, Even if You Can'thttps://www.eff.org/es/deeplinks/2013/12/new-decision-shows-how-businesses-can-challenge-warrantless-records-collection
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Much of the debate over modern surveillance—including the NSA mass spying controversy—has centered around whether people can reasonably expect that records about their telephone and Internet activity can remain private when those records belong to someone else: the service providers. Courts <a href="https://www.eff.org/deeplinks/2013/12/historic-ruling-federal-judge-declares-nsa-mass-phone-surveillance-likely">have</a> <a href="https://www.eff.org/deeplinks/2013/12/judges-dismissal-aclu-case-disappointing-fight-over-programs-legality-far-over">disagreed</a> on whether the 1979 Supreme Court case <a href="http://scholar.google.com/scholar_case?case=3033726127475530815"><em>Smith v. Maryland</em></a>, which ruled people have no expectation of privacy in the phone numbers they dial, should be <a href="https://www.eff.org/deeplinks/2013/12/landmark-decision-important-beyond-nsa-phone-records-collection">extended</a> to cover newer, more invasive forms of technology. But a decision released on December 24th by the Ninth Circuit Court of Appeals looks at the issue from the point of view of businesses, providing a glimpse into how service providers and technology companies could challenge the government's unconstitutional surveillance.</p>
<p>In <em><a href="http://cdn.ca9.uscourts.gov/datastore/opinions/2013/12/24/08-56567.pdf">Patel v. City of Los Angeles</a></em>, the Ninth Circuit found a city ordinance that required hotels and motels to turn over guest records without any judicial process violated the <a href="http://www.law.cornell.edu/constitution/fourth_amendment">Fourth Amendment</a>. The ordinance mandated hotels and motels keep a record for 90 days containing things like a guest's name and address, the make, model and license plate number of the guest's car, and the room number assigned and rate charged. The ordinance allowed police to inspect guest records without a search warrant or the hotel's consent at any time. The city believed that collecting the records would deter drug dealing and prostitution, as people would be less inclined to rent a room if police could get access to guest information at any time. Failure to turn the records over was a misdemeanor crime.</p>
<p>The court found that the hotels and motels had an expectation of privacy in their business records, even if those records didn't contain anything of great personal value to the hotel. This was true even if the users themselves didn't have an expectation of privacy in the records. Because the ordinance didn't have a mechanism to allow the hotels and motels to obtain judicial review of whether the demand was reasonable before applying criminal penalties for non-compliance, the Ninth Circuit ruled the ordinance violated the Fourth Amendment. This procedural requirement—obtaining judicial review—is important, so that companies aren't at the mercy of the "unbridled discretion" of officers in the field, who would be free to arbitrarily choose when, whom, and how frequently to inspect a particular business. </p>
<p>This decision provides ammunition for companies to challenge receipt of other forms of surveillance requests, including <a href="https://www.eff.org/issues/national-security-letters">National Security Letters</a> which are issued without any oversight or judicial review and require the recipient to remain silent about the fact it even received a request.</p>
<p>More broadly, <em>Patel</em> shows <a href="https://www.eff.org/deeplinks/2012/08/service-agreements-kill-privacy-can-they-create-it-too">yet again</a> that the Fourth Amendment doesn't die once you turn information over to a business. If courts are going to reject user challenges to government demands for their data, then it's up to the companies to step up to safeguard not only the data entrusted to them by their users, but the data that presumably belong to the companies themselves. As major tech companies have called for NSA <a href="https://www.eff.org/deeplinks/2013/12/eight-tech-giants-call-reform-surveillance-law">reform</a> and have taken steps to implement <a href="https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what">technological</a> protections to safeguard their users' data, this decision shows that they can also make legal challenges in court. While Yahoo! unsuccessfully <a href="http://www.wired.com/threatlevel/2013/06/yahoo-failed-fisa-fight/">challenged</a> an order requiring it turn over data to the NSA under the PRISM program, the phone companies themselves have made <a href="http://bigstory.ap.org/article/fisa-judge-no-challenges-phone-records-orders">no legal challenges</a> to the NSA's bulk collection of phone records, which at least one judge has found to be <a href="http://legaltimes.typepad.com/files/obamansa.pdf">unconstitutional.</a> This must change so that the public can take advantage of the conveniences of new technologies without having to sacrifice privacy.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/cases/jewel">Jewel v. NSA</a></div><div class="field__item odd"><a href="/es/cases/first-unitarian-church-los-angeles-v-nsa">First Unitarian Church of Los Angeles v. NSA</a></div><div class="field__item even"><a href="/es/cases/city-los-angeles-v-patel">City of Los Angeles v. Patel</a></div></div></div>Fri, 03 Jan 2014 19:22:15 +000078179 at https://www.eff.orgLegal AnalysisPrivacyCell TrackingLocational PrivacyNational Security LettersHanni Fakhoury2013 in Review: EFF Convinces Court to Declare National Security Letters Unconstitutional - President's Panel Agreeshttps://www.eff.org/es/deeplinks/2013/12/2013-review-eff-convinces-court-declare-national-secruity-letters-unconstitutional
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><i><img src="/files/styles/medium/public/2013/12/26/2013-3-square_1.jpg?itok=W3Ii_bCu" alt="2013 in Review" class="image-medium image-left" height="150" width="220" />As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2013 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click <a href="https://www.eff.org/deeplinks/2013/12/2013-review">here</a> to read other blog posts in this series.</i></p>
<p>In a banner year, one of EFF's court victories stands out: 2013 is the year EFF took a huge step towards taking out a piece of the USA PATRIOT Act. In the spring, <a href="https://www.eff.org/press/releases/national-security-letters-are-unconstitutional-federal-judge-rules">we convinced</a> a federal district judge to strike down as unconstitutional a National Security Letter (NSL) statute. And we got a big vote of support on December 20 when the President’s Review Group on Intelligence and Communications Technologies <a href="http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf">called for the banning of NSLs in their current form</a>, stating that it was “unable to identify a principled reason why NSLs should be issued by FBI officials” when similar processes must issue from judges.</p>
<p>NSLs, relatively narrow (though still hugely problematic) national security investigative tools <a href="https://www.fas.org/sgp/crs/intel/RL33320.pdf">when they were created</a> in the 80s, were dramatically expanded by the USA PATRIOT Act in 2001. With an NSL, and without any prior court approval or oversight whatsoever, the FBI can compel entities such as telephone companies, Internet service providers, and banks and other financial institutions to turn over records revealing intimate and possibly constitutionally-protected details about their customers, such as the identities of anonymous online speakers and their associations. Worse yet, again without any court approval, the FBI can indefinitely gag NSL recipients, preventing them from even disclosing that they received one.</p>
<p>In March, in a <a href="https://www.eff.org/files/filenode/nsl_order_scan.pdf">strong opinion</a>, Senior District Court Judge Susan Illston of the Northern District of California <a href="https://www.eff.org/deeplinks/2013/03/depth-judge-illstons-remarkable-order-striking-down-nsl-statute">granted EFF’s petition</a>—brought on behalf of an unnamed telephone company—to set aside the challenged NSL. Judge Illston agreed that 18 U.S.C. § 2709, the NSL statute in question, was facially unconstitutional because it granted unilateral power to the FBI to silence NSL recipients and that this unconstitutional gag rendered the entire process unlawful. Judge Illston ordered the FBI to cease both issuing future NSLs as well as enforcing any NSL-related gag orders, but, as is often the case in national security cases, the court stayed its groundbreaking order pending appeal. Briefing for the appeal begins in January.</p>
<p>How important is Judge Illston’s decision? NSLs—now found to be illegal in their entirety by the district court—have <a href="http://online.wsj.com/news/articles/SB10001424052702303567704577519213906388708">been a ubiquitous tool</a> used by the FBI over the past decade, with the FBI issuing over 85 requests each and every day on average, amounting to over 300,000 since the passage of the USA PATRIOT Act. Without a requirement that a court sign off on its exercise of this unprecedented power, and no meaningful transparency built into the system, the FBI has been <a href="http://www.usdoj.gov/oig/special/s0703b/final.pdf">repeatedly tempted</a> over the years to <a href="http://www.usdoj.gov/oig/special/s0803b/final.pdf">cut corners</a> and even on occasion to <a href="http://www.washingtonpost.com/wp-dyn/content/article/2007/03/20/AR2007032000921.html">blatantly</a> <a href="http://www.justice.gov/oig/special/s1001r.pdf">misuse this extraordinary power</a>.</p>
<p>The FBI has repeatedly argued that NSLs are <a href="http://www.washingtonpost.com/wp-dyn/content/article/2007/03/08/AR2007030802356_2.html">necessary tools</a>. However, with a wide range of other options under existing laws that permit the FBI to obtain exactly the same information but <i>with</i> court supervision, the government is in essence arguing for the right to collect sensitive information on its own, without anyone looking over its shoulder.</p>
<p>The government is wrong. As the President’s Review Group on Intelligence and Communications Technologies <a href="http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf">affirmed</a>, such unchecked access to our records is too dangerous and too ripe for abuse. And as Review Group co-author Richard Clarke diplomatically put it later, NSLs are "<a href="http://www.onthemedia.org/story/nsa-gets-report-card/">a little difficult to square with constitutionality</a>."</p>
<p>We agree: NSLs must end. Whether that end comes through litigation or legislation, EFF looks forward to continue fighting NSLs in the new year.</p>
<p><em>This article is part of our 2013 Year in Review series; <a href="https://www.eff.org/deeplinks/2013/12/2013-review">read other articles</a> about the fight for digital rights in 2013.</em></p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/cases/re-matter-2011-national-security-letter">In re: National Security Letter 2011 (11-2173)</a></div></div></div>Sun, 29 Dec 2013 15:14:32 +000078148 at https://www.eff.orgLegal AnalysisPrivacyNational Security LettersMatt ZimmermanWe Can Hear You Now: Verizon Plans First Transparency Report (Update-AT&T, Too!)https://www.eff.org/es/deeplinks/2013/12/we-can-hear-you-now-verizon-plans-first-transparency-report
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>We were pleasantly surprised by Verizon’s <a href="http://newscenter.verizon.com/corporate/news-articles/2013/12-19-verizon-to-publish-transparency-report/">announcement this week</a> that it will become the first major telecommunications company to release a transparency report. In early 2014, Verizon will follow in the footsteps of companies like Google, Facebook, and Apple, and will finally adopt this best practice and begin to tell its customers, and the American public, the details about how often law enforcement comes knocking with requests for user data. Verizon’s welcome announcement came the same day that Google updated its transparency report, which it has regularly released since 2010. Google's latest report details significant and <a href="http://www.google.com/transparencyreport/removals/government/?hl=en">troubling increases in government requests</a> to remove content from the Internet.</p>
<p>Verizon's announcement comes only after significant pressure. Last month, the telecom giant's shareholders <a href="http://www.nytimes.com/2013/11/21/technology/shareholders-pressure-att-and-verizon-wireless-over-surveillance-role.html">wrote a letter demanding the company</a> be more transparent about how it shares customer information with law enforcement and the government. But Verizon took a stance against its shareholders, claiming that the shareholders had no ground to demand the company take any action.</p>
<p>Now, one day after the White House Review Group on Intelligence and Communications Technologies <a href="https://www.eff.org/deeplinks/2013/12/eff-statement-presidents-review-groups-nsa-report">released its recommendations</a> for NSA reforms, Verizon appears to have <a href="http://www.techdirt.com/articles/20130917/17490324560/same-day-its-revealed-verizon-has-never-challenged-nsa-it-mocks-internet-companies-doing-so.shtml">made an about-face on comments</a> the company made earlier this year that mocked efforts by other tech companies to be more transparent. One Verizon executive called transparency efforts to be a bit of grandstanding, saying those companies merely, “waive their arms and protest loudly so as not to offend the sensibility of their customers.”</p>
<p>We welcome Verizon's change of heart. EFF has <a href="https://www.eff.org/deeplinks/2013/01/its-time-transparency-reports-become-new-normal">long </a>called on corporations to be transparent about what they do with the data that users entrust to them. Once the report is issued, Verizon will be the first telecom company to receive a star for transparency reporting in our next <a href="https://www.eff.org/who-has-your-back-2013">Who Has Your Back Report</a> for 2014, where we assess major Internet companies' commitment to standing by the rights of users in the face of government requests for personal information about their customers.</p>
<p>In 2014, we’ll be looking to the rest of the telecom industry to follow suit. AT&amp;T continues to refuse to publish a transparency report, despite <a href="http://bits.blogs.nytimes.com/2013/12/06/att-responds-to-shareholders-concerns-on-user-data/">receiving similar shareholder demands</a> to be more forthcoming about how the company shares the personal data of their customers with the government. In a <a href="http://graphics8.nytimes.com/packages/pdf/technology/ny-common-retirement-fund-sec-letter.pdf">letter to the Security and Exchange Commission</a>, AT&amp;T argued that public debate about mass surveillance has focused on the correctness of government actions, not on corporate actions. AT&amp;T is dead wrong; both <a href="https://www.eff.org/nsa-spying/timeline">AT&amp;T and Verizon were complicit in NSA spying</a>, even before the secret FISA court issued its first rubber-stamp order compelling them to do so.</p>
<p>Unfortunately, Verizon's transparency report will be stifled by the Justice Department's <a href="https://www.eff.org/deeplinks/2013/10/transparent-new-black">irrational and unconstitutional restrictions</a> on how transparent companies are allowed to be. With a mix of <a href="https://www.eff.org/issues/national-security-letters">gag orders</a> and <a href="https://www.eff.org/deeplinks/2013/03/new-statistics-about-national-security-letters-google-transparency-report">other burdensome restrictions</a>, companies are only allowed to disclose in very broad ranges the number of national security orders and the number of accounts affected.</p>
<p>“Verizon is working with the U.S. government regarding the detail the company can report on the number of National Security Letters it received last year,” the company's <a href="http://newscenter.verizon.com/corporate/news-articles/2013/12-19-verizon-to-publish-transparency-report/">announcement reads</a>. “Similar to transparency reports published by other major Internet companies, Verizon’s report will not disclose information about other national security requests received by the company.”</p>
<p>EFF whole-heartedly looks forward to reading Verizon's first transparency report when it's released, and we encourage the company to <a href="https://www.cdt.org/files/pdfs/weneedtoknow-transparency-bills-support-letter.pdf">join the fight against the government’s position that it must lie by the omission</a> of national security requests from the report. EFF strongly urges other telecommunications companies to adopt this industry standard best practice. With transparency reports, companies have the opportunity to deepen their consumers’ trust by being open about how governments around the world collect and use our private data. We hope Verizon’s first step will open the door to more wireless and broadband providers to begin regular transparency reporting.</p>
<p><strong>UPDATE:</strong> Moments after this post went live, AT&amp;T made its own about-face and <a href="http://www.prnewswire.com/news-releases/att-update-on-government-surveillance-position-236750591.html">announced that it too will release a transparency report</a> next year. While we welcome AT&amp;T’s announcement just as we welcomed Verizon’s, AT&amp;T has specifically noted that it will decline to push the Justice Department to publish even general numbers regarding intelligence agency requests. AT&amp;T’s failure to push for the right to fully and accurately inform the public about our government’s actions is extremely disappointing, and we urge AT&amp;T to reconsider its position.</p>
</div></div></div>Fri, 20 Dec 2013 19:58:24 +000078125 at https://www.eff.orgNational Security LettersNSA SpyingPATRIOT ActTransparencyApril GlaserNate CardozoEFF Argues for Release of Secret Legal Opinion on Surveillance Authority on Tuesdayhttps://www.eff.org/es/press/releases/eff-argues-release-secret-legal-opinion-surveillance-authority-tuesday
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">DC Appeals Court to Hear FOIA Lawsuit Against the Department of Justice </div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Washington, DC - Lawyers from the Electronic Frontier Foundation (EFF) will appear before the US Court of Appeals for the District of Columbia Circuit on Tuesday morning to argue for the release of a secret legal opinion on the federal government’s surveillance authority. For nearly three years, EFF has sought, under the Freedom of Information Act (FOIA), the disclosure of a document produced by the Office of Legal Counsel (OLC) that the FBI claims provides it with the authority to obtain private call-detail records in "certain circumstances," without any legal process or a qualifying emergency.</p>
<p><strong>Who:</strong> EFF Staff Attorney Mark Rumold, who will be delivering the oral argument, and EFF Senior Counsel David Sobel</p>
<p><strong>What:</strong> Oral argument in Electronic Frontier Foundation v. US Department of Justice (Case Number 12-5363)</p>
<p><strong>When:</strong> 9:30 am (EST), Tuesday, Nov. 26, 2013</p>
<p><strong>Where:</strong> Barrett Prettyman US Courthouse<br />
333 Constitution Ave., NW Washington, DC 20001.<br />
US Court of Appeals Courtroom - Judges Srinivasan, Edwards, &amp; Sentelle</p>
<p><strong>Media Availability:</strong> EFF attorneys will be available for comment immediately after the hearing at the courthouse.</p>
<p>In January 2010, the US Department of Justice's Office of the Inspector General released a report on the FBI's use of "exigent letters and other informal requests" to obtain telephone records from phone companies. The report described an OLC opinion that determined the federal government could obtain call records without legal process and without citing an emergency situation to justify the data collection. The OLC's determination appears to directly conflict with the Stored Communications Act, a federal privacy law that safeguards customer call records from disclosure to the government without valid legal process.</p>
<p>EFF submitted a FOIA request for the documents in February 2011, which the DOJ rejected. EFF filed its lawsuit in DC in May 2011 and appealed when the district court sided with government.</p>
<p>"The public has a fundamental right to know how the federal government is interpreting federal surveillance and privacy laws," Staff Attorney Mark Rumold said. "These interpretations affect wide swaths of society—the public, communications providers, and federal agencies—and the government cannot be allowed to shield its interpretations of law from public scrutiny. Secret surveillance law simply has no place in a democratic society."</p>
<h3>Contacts:</h3>
<p>Mark Rumold<br />
Staff Attorney<br />
Electronic Frontier Foundation<br /><a href="mailto:mark@eff.org">mark@eff.org</a></p>
<p>David Sobel<br />
Senior Counsel<br />
Electronic Frontier Foundation<br /><a href="mailto:sobel@eff.org">sobel@eff.org</a></p>
</div></div></div>Mon, 25 Nov 2013 18:58:27 +000077709 at https://www.eff.orgDave MaassApple Issues First Transparency Report, Includes "Warrant Canary"https://www.eff.org/es/deeplinks/2013/11/apples-first-transparency-report-gets-warrant-canaries-right
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p dir="ltr">On Tuesday, yet another one of the nine companies originally implicated in the<a href="https://www.eff.org/deeplinks/2013/06/what-we-need-to-know-about-prism"> PRISM program</a> released<a href="//www.apple.com/pr/pdf/131105reportongovinforequests3.pdf"> its first transparency report</a>. Apple joins the ranks of Google,<a href="https://www.eff.org/deeplinks/2013/10/deeper-dive-into-facebook-and-yahoo-transparency-reports"> Yahoo, and Facebook</a>, among others that have issued reports that detail the number of requests the companies receive from governments for user data.</p>
<p dir="ltr">EFF has <a href="https://www.eff.org/deeplinks/2013/01/its-time-transparency-reports-become-new-normal">long </a>called on corporations to be transparent about what they do with the data that users entrust to them. Transparency reports have become the industry standard, and we are delighted to be able to award Apple another star in the 2014 edition of our annual<a href="https://www.eff.org/who-has-your-back-2013"> Who Has Your Back</a> campaign, where we assess major Internet companies' commitment to standing by the rights of users in the face of government requests for personal information about their customers.</p>
<p dir="ltr">This is Apple's first transparency report, and it only looks at the first half of 2013. The report includes information about which countries have asked for user data, the number of requests received and granted, the number of times Apple has objected to information requests, as well as the number of information requests where Apple has not disclosed data.</p>
<p dir="ltr">The U.S. is reported to have made the most requests. After the U.S., the top three countries requesting user information are the United Kingdom (127), Spain (102), and Germany (93).</p>
<p dir="ltr">In the report, Apple makes an important distinction between government requests for “data” and government requests for “content”. Apple defines data as “personal identifiers”, such as Apple IDs, email addresses, and telephone and credit card numbers. When Apple hands over user content, however, the company provides governments with more detailed information like iCloud emails, contacts, photos, and calendars.</p>
<p dir="ltr">Transparency reports are a voluntary tool used by companies to provide the public with information about government requests for user data. Despite their importance, the U.S. government makes it difficult for corporations to be as transparent as they might prefer to be about how their customers’ data is shared. With a mix of <a href="https://www.eff.org/issues/national-security-letters">gag orders</a> and <a href="https://www.eff.org/deeplinks/2013/03/new-statistics-about-national-security-letters-google-transparency-report">other burdensome restrictions</a>, companies are only allowed to disclose in very broad ranges the number of national security orders and the number of accounts affected. Apple notably opposes these gag orders and points out in its report that the company has and will continue to strongly advocate for these restrictions to be lifted.</p>
<p dir="ltr">We agree with Apple. In March of this year, months before the NSA spying revelations flooded the press, a<a href="https://www.eff.org/deeplinks/2013/03/depth-judge-illstons-remarkable-order-striking-down-nsl-statute"> federal judge ruled</a> in favor of our client, an unnamed telecommunications company that challenged the FBI's ability to issue National Security Letters and gag companies from disclosing the fact that they are legally obligated to share their customers' data with the government. The judge found those gag orders and related restrictions to be in violation of the First Amendment.</p>
<p dir="ltr">Take a quick glance at Apple’s report and it becomes obvious just how stifling gag orders are. Apple lists that they received between 1000-2000 account information requests from the United States. As Apple explains, the U.S. government only allows companies to report a “consolidated range in increments of 1000” and further requires reporting on government requests to combine law enforcement and national security order requests. Apple graphs the 33 countries that have solicited their users' data; the U.S. is listed as having issued between 1000-2000 requests. Countries that have a poor track record of protecting human rights, including Russia, China, and the United Arab Emirates, have likewise made information requests that have been honored by Apple.</p>
<p dir="ltr">Except for the U.S., Apple lists exact numbers for all of the 33 other countries that have requested user data from the company. For example, the United Kingdom made 127 requests in the first six months of 2013. Providing this exact number allows users to more accurately grasp the scope of government surveillance.</p>
<p dir="ltr">Perhaps the most interesting part of the transparency report are the last two sentences: “Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us.”</p>
<p dir="ltr">Apple’s statement is an implementation of the so-called “<a href="https://en.wikipedia.org/wiki/Warrant_canary">warrant canary</a>.” Canaries are used to signal that, as of the date published, there have been no law enforcement requests of a particular type received. In Apple's case, the canary is limited to a signal that no secret <a href="https://www.eff.org/deeplinks/2013/06/confirmed-nsa-spying-millions-americans">Section 215</a> orders have been served on the company. If the canary is removed in the next transparency report, it is safe for users to assume that a Section 215 data request and the accompanying gag order has been issued. We appreciate Apple’s implementation in particular, including its six-month delay, because if its use is ever challenged in court, the ample time will allow a judge to coolly and calmly review the constitutionality of any government attempt to compel Apple to lie. We fear that if the first challenge to a warrant canary comes before a court in a more rushed context, a rushed judge could make bad law.</p>
<p dir="ltr">We applaud Apple's decision to release a transparency report, and hope that the company will continue to publish reports regularly. Every company that issues a transparency report brings us critical insight into how governments around the world use (and abuse) legal processes to collect our private data.</p>
</div></div></div>Thu, 07 Nov 2013 17:10:44 +000076980 at https://www.eff.orgCommentaryPrivacyNational Security LettersNSA SpyingApril GlaserA Deeper Dive Into Yahoo and Facebook's Transparency Reportshttps://www.eff.org/es/deeplinks/2013/10/deeper-dive-into-facebook-and-yahoo-transparency-reports
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Ever since Google issued its <a href="https://www.eff.org/deeplinks/2010/04/google-shows-government-information-and-takedown">first transparency report</a> in early 2010, EFF has <a href="https://www.eff.org/deeplinks/2013/01/its-time-transparency-reports-become-new-normal">called on other companies</a> to follow suit and disclose statistics about the number of government requests for user data, whether the request they receive is an official demand (such as a warrant) or an unofficial request. After all, users make decisions every day about which companies they trust with their data, therefore companies owe it to their customers to be transparent about when they hand data over to governments and law enforcement.</p>
<p>Since 2010, other companies have <a href="https://www.eff.org/who-has-your-back-2013">risen to the challenge</a>, including <a href="http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/">Microsoft</a>, Internet service provider <a href="http://corp.sonic.net/ceo/2012/04/13/transparency-report/">Sonic.Net</a>, cloud storage providers <a href="https://spideroak.com/blog/20130404171036-increasing-transparency-alongside-privacy-2013-report">SpiderOak</a> and <a href="https://www.dropbox.com/transparency">DropBox</a>, as well as social media companies such as <a href="http://help.linkedin.com/app/answers/detail/a_id/41878">LinkedIn</a> and <a href="https://transparency.twitter.com/">Twitter</a>.</p>
<p>Now, two more companies have joined the movement: In the past couple of months, both <a href="http://info.yahoo.com/transparency-report/government-data-requests">Yahoo</a> and <a href="https://www.facebook.com/about/government_requests">Facebook</a> issued their first transparency reports, covering the period of January-June 2013.</p>
<p>While we wish they had not taken this long, the two companies deserve kudos for taking this important step. Companies are under no legal obligation to inform their customers about government requests for their data—this is a voluntary step. Both companies are members of the <a href="http://globalnetworkinitiative.org/principles/index.php">Global Network Initiative</a>, however, which counts transparency among its core principles.</p>
<p><b>User trust</b></p>
<p>But in light of this summer’s revelations about the NSA’s <a href="http://www.salon.com/2013/06/09/can_you_use_the_internet_without_prism_partner/">PRISM</a>—the program under which the NSA gains the ability to access to the private communications of users of many of the most popular Internet services, including those owned by Google, Microsoft, Facebook, and Yahoo—Internet giants are rushing to do what they can to restore user trust.</p>
<p>In September, Google, Facebook, and Yahoo all filed requests to the U.S. Foreign Intelligence Surveillance Court (FISC), asking for permission to publish the specific number of <a href="https://www.eff.org/issues/national-security-letters">National Security Letters</a> (NSL) that the companies received in the past year as well as the total number of user accounts affected by those requests. Of all the dangerous government surveillance powers that were expanded by the <a href="https://en.wikipedia.org/wiki/Patriot_Act">USA PATRIOT Act</a>, the NSL power provided by <a href="https://www.fas.org/sgp/crs/intel/RL33320.pdf">five statutory provisions</a> is one of the most frightening and invasive. These letters—the type served on communications service providers such as phone companies and ISPs and are authorized by <a href="http://www.law.cornell.edu/uscode/text/18/2709">18 U.S.C. 2709</a>—allow the FBI to secretly demand data about ordinary American citizens' private communications and Internet activity without any prior judicial review. To make matters worse, recipients of NSLs are subject to gag orders that forbid them from ever revealing the letters' existence to anyone. A federal judge found NSLs <a href="https://www.eff.org/press/releases/national-security-letters-are-unconstitutional-federal-judge-rules">unconstitutional</a> in March, but the order is on hold pending the government's appeal.</p>
<p>Some companies have published aggregate numbers, ranging from 0-999 or 1000-1999 that give us a broad and blurry view of just how widespread the use of NSLs has been, but more detailed numbers would much more helpful to the public understanding of the surveillence, without compromising security.</p>
<p><b>So now that Facebook and Yahoo have issued transparency reports, what do they tell us?</b></p>
<p>Facebook’s <a href="https://www.facebook.com/about/government_requests">Global Government Requests Report</a> covers January-June 2013 and reveals that 71 countries requested data on a total of 37,954 to 38,954 users. Unsurprisingly, the US demanded the largest amount of user data, making somewhere between 11,000 to 12,000 requests for 20,000 to 21,000 users.</p>
<p>India came in a close second, with 3,245 requests for 4,144 accounts, and the United Kingdom ranked third with 1,975 requests for 2,337 users. Facebook also revealed the number of times the requests produced "some data." Facebook handed over data to the U.S. 79% of the time, but only 50% and 68% of the time for India and the United Kingdom, respectively.</p>
<p>The vast majority of requests made to Facebook by less democratic countries (including Cote d’Ivoire, Nepal, and Qatar) were refused, however two nations stood out in the report: Pakistan and Turkey. In the case of Pakistan, 35 requests were made for 47 users, 77% of which Facebook complied with. In the case of Turkey, 96 requests for 170 users were made, and complied with 47% of the time.</p>
<p>What makes this unique is that no other major company has reported compliance with requests from Pakistan. The South Asian country is nominally a democracy, but censors the Internet heavily and has made a <a href="https://www.eff.org/deeplinks/2012/02/not-a-hoax-pakistan-requests-proposals-national-filtering-and-blocking-system">relatively transparent effort</a> of seeking Western companies to enable greater censorship and surveillance, a role that Canadian company <a href="http://bolobhi.org/canadian-government-responds-netsweeper-pakistan/">Netsweeper</a> has been all too eager to fill. It is notable that Facebook has no offices in Pakistan (an office in-country could allow Pakistan to directly seek information from a local employee), nor has Pakistan signed a mutual legal assistance treaty (MLAT) with the US, putting Facebook under no legal obligation to comply with requests from the government. </p>
<p>With no offices in Turkey, either, it’s surprising to see such a high rate of compliance. Complaints of Facebook censoring certain content in Turkey abound, and as a recent blog post by a Kurdish activist <a href="http://hevallo.blogspot.co.uk/2013/09/more-details-about-our-facebook-meeting.html">demonstrates</a>, some of that censorship seems quite arbitrary. </p>
<p>At the same time, if Facebook doesn’t comply, it undoubtedly risks being blocked in these countries, just as YouTube was for several years, and a tool used by opposition figures and activists might become unavailable. On balance, we think most countries would rightly be hesitant to remove popular Internet tool, as it may create more unrest than the information sought to be quashed. </p>
<p>While Facebook has been transparent about its <a href="https://www.facebook.com/safety/groups/law/guidelines/">law enforcement guidelines</a>, information regarding its processes when it comes to international requests is vague - the data use policy allows disclosure when "consistent with internationally recognized standards," which are not defined. Facebook could enhance its transparency by clarifying its standards for complying with requests; even if its standards are perfect in every way, users are legitimately concerned when they do not know what standards might apply.</p>
<p>Like Facebook, Yahoo also reported that the United States led the number of requests, with 12,444 data requests that included 40,322 Yahoo accounts. Yahoo handed content-related data, including communications in Yahoo Mail or Messenger, photos on Flickr or Yahoo Address Book entries, over to American agencies in 4,604 cases. The company gave the government non-content related information, which includes a person’s name, location or Internet Protocol address, in 6,798 cases.</p>
<p>Yahoo received fewer requests from the United Kingdom (1,709) and India (1,490) than did Facebook, with similar compliance rates. Once nice feature of Yahoo’s report is that it breaks down the type of data disclosure (non-content vs. content) in a pie chart for each country. In the UK, for example, 44% of requests were responded to with disclosures of non-content data, while in 20% of cases, content was disclosed to law enforcement.</p>
<p>Surprisingly, Yahoo received <a href="http://info.yahoo.com/transparency-report/hk/">far more requests</a> from Hong Kong than any other company, and complied with 100% of them (content was only disclosed in 1% of those cases). The South China Morning Post <a href="http://www.scmp.com/news/hong-kong/article/1305928/yahoo-complied-requests-data-800-plus-hong-kong-users">quoted</a> lawmaker Charles Mok as saying that the number was high, and called on Yahoo to disclose which government agencies requested the data.</p>
<p> </p>
<div>
<div>
<div></div>
</div>
</div>
</div></div></div>Fri, 25 Oct 2013 14:01:40 +000076618 at https://www.eff.orgInternationalPrivacyNational Security LettersNSA SpyingTransparencyEva GalperinJillian C. YorkLinkedIn Fights In Court For Surveillance Transparency on Multiple Frontshttps://www.eff.org/es/deeplinks/2013/09/linkedin-commendably-fights-surveillance-transparency-court-multiple-fronts
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>In a welcome and commendable move, LinkedIn, the business social networking giant, <a href="http://blog.linkedin.com/2013/09/17/linkedins-commitment-to-transparency-about-government-requests-for-member-data/?utm_content=sf17313390&amp;utm_medium=spredfast&amp;utm_source=linkedin&amp;utm_campaign=LinkedIn+Social&amp;sf17313390=1">has filed an amicus brief</a> in EFF’s landmark case challenging the statute governing National Security Letters (NSLs) as an unconstitutional prohibition of free speech (read the <a href="http://press.linkedin.com/download-media/423">full brief here</a>). LinkedIn has also filed a motion with the FISA court arguing it’s their First Amendment right to publish how many users are affected by FISA court orders, which have been at the center of the NSA scandal.</p>
<p>In a historic decision this March, a California district court judge <a href="https://www.eff.org/deeplinks/2013/03/depth-judge-illstons-remarkable-order-striking-down-nsl-statute">struck down a National Security Letter statutes</a> on the basis that its broad gag orders prohibiting companies from even acknowledging they received an NSL violated the First Amendment. The decision is now up on appeal in the Ninth Circuit and LinkedIn has filed its brief in support of EFF’s unnamed client.</p>
<p>We applaud LinkedIn’s push for more transparency surrounding both NSLs and FISA court orders, which are both under renewed scrutiny since <em>The Guardian</em> and <em>Washington Post</em> started publishing revelations based on documents given to them by NSA whistleblower Edward Snowden in June.</p>
<p>One of EFF’s core arguments on behalf of our gagged client—echoed by LinkedIn in its amicus brief—is simple: Americans have the right to know how pervasive the FBI’s use of this largely unchecked power has become. Since the first national security letter statute was passed in 1986, the FBI has issued hundreds of thousands of such letters seeking private telecommunications and financial records of Americans without any court approval whatsoever. The broad gag orders prevent recipients from even being able to acknowledge receipt of one—making them ripe for abuse—and the FBI has, on multiple occasions, been excoriated by government watchdogs for exceeding their powers.</p>
<p>Like other companies such as Google and Microsoft, LinkedIn has been trying to negotiate with the government about a way to tell the public how many people are affected by these orders. The government has refused to budge, sticking to its insufficient offers to permit publication of vague '0-999' ranges, attempting to defuse the crisis without giving enough data for an informed debate. These proposed compromises fail to solve the clear First Amendment problems created by the NSL surveillance regime.</p>
<p>LinkedIn’s legal briefs are an extension of <a href="http://www.csmonitor.com/Innovation/2013/0718/Internet-companies-call-for-greater-transparency-from-secret-court">a July 18, 2013 letter</a> that dozens of companies, nonprofit organizations, and trade associations sent a letter to President Obama and Congress urging greater transparency around national security-related requests from the US government. We hope other companies will follow LinkedIn’s lead and join in the legal fight. We also hope that other companies who are already pushing back against suspect surveillance authorities, but who are doing so in secret because of gag orders, will keep up their efforts.</p>
<p>These gag orders violate the free speech of their company, but also the trust of their users. In their legal brief, LinkedIn makes the point that even the US government has emphasized that being able to explain privacy protections to users is a key building users' trust. As the Internet Policy Task Force of the Department of Commerce noted in a report:</p>
<blockquote><p>Privacy protections are crucial to maintaining consumer trust, which is necessary to secure full use of the Internet as a political, educational, cultural, and social medium. Trust—the belief that someone or something will behave as expected, and not another way—is of central importance to the Internet.</p></blockquote>
<p>We couldn’t agree more and we hope the Ninth Circuit and FISA court do too.</p>
</div></div></div>Wed, 18 Sep 2013 19:28:30 +000075728 at https://www.eff.orgFree SpeechNational Security LettersNSA SpyingTransparencyTrevor TimmPresident Foreshadows New Internet Surveillance Proposal During National Security Speechhttps://www.eff.org/es/deeplinks/2013/05/president-hints-new-surveillance-powers-during-speech-tell-white-house-protect
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><img src="https://www.eff.org/files/images_insert/calea2-square_0.jpg" width="265" height="265" alt="" class="image-right" />President Obama <a href="http://www.npr.org/2013/05/23/186305171/transcript-obama-addresses-counterterrorism-drones">gave an influential speech</a> on counter terrorism and national security policy last week, and while much of the media coverage discussed the President remarks on Guantanamo prison and drone strikes, buried in the speech was a line just as critical to civil liberties online.</p>
<p>Half way through <a href="http://www.whitehouse.gov/the-press-office/2013/05/23/remarks-president-barack-obama">the speech</a>, Obama said he wanted to “review[] the authorities of law enforcement, so we can intercept new types of communication, and build in privacy protections to prevent abuse.”</p>
<p>We certainly agree with the president we need new privacy protections for our digital communications, and it’s encouraging to hear him suggest support for such proposals. After all, we know the vast surveillance authorities given to law enforcement over the last decade’—like the <a href="https://www.eff.org/deeplinks/2011/10/ten-years-later-look-three-scariest-provisions-usa-patriot-act">Patriot Act</a>, <a href="https://www.eff.org/deeplinks/2012/12/congress-disgracefully-approves-fisa-warrantless-eavesdropping-bill-five-more">FISA Amendments Act</a>, and <a href="https://www.eff.org/press/releases/national-security-letters-are-unconstitutional-federal-judge-rules">National Security Letters</a>—have been serially abused. Unfortunately, President Obama has actively defended these laws and policies in Congress and the courts, despite promising to reform them as a candidate.</p>
<p>There are still many measures his administration could support in the coming months to protect Americans communications. The White House could formally support <a href="https://www.eff.org/deeplinks/2013/05/update-email-privacy-law-must-go-further">reform of the Electronic Communications Privacy Act</a>, which still says law enforcement agencies do not need warrants to obtain emails over 180 days old. The White House could come out in favor of warrant protection for cell-phone location information since it’s requested by authorities <a href="https://www.eff.org/deeplinks/2012/07/law-enforcement-agencies-demanded-cell-phone-user-info-much-more-13-million-times">literally millions of times a year</a> without a warrant. In the wake of the Associated Press scandal, Obama could also support a bill to <a href="https://www.eff.org/deeplinks/2013/05/5-overlooked-lessons-justice-depts-leak-investigations">require a court order</a> for call records of all Americans.</p>
<p>But the first half of Obama’s statement—about “review[] the authorities of law enforcement, so we can intercept new types of communication”—is quite troubling. The line is likely an allusion to CALEA II, a <a href="https://www.eff.org/deeplinks/2013/05/caleatwo">dangerous</a> proposal the <i>New York Times</i> has reported the administration “is on the verge of backing.” The measure would force companies like Google and Facebook to install backdoors in all of their products to facilitate law-enforcement access, putting both our privacy and security at risk. </p>
<p>Law enforcement certainly doesn’t need more legal authorities to conduct digital surveillance. As mentioned above, Congress has already been provided a huge amount of new surveillance authority that has been abused.<b> </b>As former White House Chief Counselor for Privacy <a href="http://www.peterswire.net/psresumebio.htm">Peter Swire</a> said in 2011, "<a href="https://www.cdt.org/blogs/2811going-dark-versus-golden-age-surveillance">today [is] a golden age for surveillance</a>."</p>
<p>Indeed, it seems that the law enforcement is working at cross-purposes with the folks concerned about actual cybersecurity. Just a few months ago in his State of the Union address, Obama himself <a href="http://www.securityorb.com/2013/02/president-obamas-state-union-cybersecurity-text/">talked about</a> hackers who steal people’s identities and infiltrate private e-mail” and “foreign countries and companies [that] swipe our corporate secrets.” Requiring real-time back doors into all of our communications would make those kinds of attacks easier. Recently, a group of more than a dozen of <a href="https://www.cdt.org/blogs/joseph-lorenzo-hall/1705leading-security-experts-say-fbi-wiretapping-proposal-would-undermine-">the nation’s best cybersecurity experts published a paper</a> explaining why such a proposal would be a disaster for Internet security, giving hackers all over the world a central point of vulnerability to target.</p>
<p>And of course the FBI has still failed to put forth any evidence showing a bill to “intercept new kinds of communications” is needed at all. According to government statistics, from 2006-2010, the FBI has been ultimately thwarted by encryption <b>zero </b>times in their criminal investigations.</p>
<p>Citing privacy concerns, the White House <a href="http://mashable.com/2013/04/16/white-house-veto-cispa/">commendably has threatened to veto CISPA</a>, the cybersecurity bill. It should also jettison this ill-conceived CALEA II proposal in favor of privacy <i>and </i>security.</p>
<p><a href="https://action.eff.org/o/9042/p/dia/action3/common/public/?action_KEY=9252">Email and call the White House today</a> to tell them you oppose any plan to make Internet companies build government backdoors into your communications.</p>
</div></div></div>Thu, 30 May 2013 20:35:23 +000074385 at https://www.eff.orgCell TrackingLocational PrivacyNational Security LettersNSA SpyingPATRIOT ActTransparencyTrevor TimmIn Depth: The District Court's Remarkable Order Striking Down the NSL Statutehttps://www.eff.org/es/deeplinks/2013/03/depth-judge-illstons-remarkable-order-striking-down-nsl-statute
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>On Friday, EFF received the long-awaiting ruling on its <a href="https://www.eff.org/deeplinks/2012/07/eff-challenges-national-security-letter-statute-landmark-lawsuit">2011 petition</a> to set aside a National Security Letter (NSL) issued to a telecommunications company. The petition challenged the constitutionality of one of five national security letter statutes, <a href="http://www.law.cornell.edu/uscode/text/18/2709">18 U.S.C. § 2709</a>. And what a ruling it was. In a <a href="https://www.eff.org/files/filenode/nsl_order_scan.pdf">detailed and careful 24-page opinion</a>, Judge Susan Illston of the district court for the Northern District of California methodically addressed the government's attempted justifications for this controversial domestic surveillance tool and found that the statute failed to meet the standards of settled First Amendment law.</p>
<p>First, a moment to underscore the importance of this ruling. Over the past decade, since the PATRIOT Act expanded its reach from foreign agents and spies to anyone whose information may be "relevant" to a national security investigation, the FBI has issued hundreds of thousands of NSLs seeking potentially intimate information about Americans. Supporters of NSLs have frequently attempted to discount privacy concerns and have characterized criticism as "<a href="http://www.abajournal.com/magazine/article/national_security_letters_building_blocks_for_investigations_or_intrusive_t"></a><a href="http://www.abajournal.com/magazine/article/national_security_letters_building_blocks_for_investigations_or_intrusive_t/">hyperbole</a>," but the reality is very different. As Judge Victor Marrero of the Southern District of New York noted in his 2004 <em><a href="http://www.aclu.org/FilesPDFs/nsl_decision.pdf">Doe v. Ashcroft</a></em> NSL decision, the NSL statute grants enormous, unchecked power to pry into the private lives of people within the United States:</p>
<blockquote><p>The FBI theoretically could issue to a political campaign's computer systems operator a § 2709 NSL compelling production of the names of all persons who have email addresses through the campaign's computer systems. The FBI theoretically could also issue an NSL under § 2709 to discern the identity of someone whose anonymous online web log, or “blog,” is critical of the Government.</p></blockquote>
<p>Any statutory structure that grants the executive branch such power and couples that power with the ability to hide its behavior from scrutiny is ripe for abuse. And as we know, based on a <a href="https://www.eff.org/wp/patterns-misconduct-fbi-intelligence-violations">series of internal investigations ordered by Congress</a>, this abuse has occurred with NSLs.</p>
<p>With Friday's opinion, entitled <em>In Re National Security Letter</em>, not only did the court set aside <em>this</em> particular letter, it barred <em>any</em> NSLs to telecommunications providers, finding that the statute was so inherently flawed that it could not stand. The decision will likely be appealed, and the order has been stayed in order to give the government the time to file an appeal, but the federal district court deserves enormous credit for not shying away from EFF's request and instead tackling most of the difficult issues head on.</p>
<p>With this case, EFF follows in the strong footsteps of our friends at the ACLU. In 2008, on behalf of <a href="http://www.aclu.org/national-security/doe-v-holder">Nicholas Merrill</a>, the ACLU succeeded in convincing both a district court and the Second Circuit Court of Appeals to acknowledge the serious structural problems with the NSL statute. Unfortunately, despite finding the statute unconstitutional, the Second Circuit in its <a href="http://www.aclu.org/pdfs/safefree/doevmukasey_decision.pdf"><em>Doe v. Mukasey</em></a> opinion approved the continued use of NSLs if the FBI undertook certain voluntary measures aimed at curbing abuse.</p>
<p>The district court here found similar constitutional flaws but took those problems to their rightful conclusion. The court flatly rejected the Second Circuit's attempts to rewrite the statute and rely on voluntary FBI actions to fix it, instead striking it down. While the decision rested primarily on failings with the gag provision, the court ruled that that provision was not severable from the rest of the statute and struck the statute in its entirety. As a result, if the decision is upheld, Congress must step in and repair the structural defects to better protect First Amendment rights if it intends to continue to grant similar power to the FBI.</p>
<p>The court made five critical findings. First, Judge Illston quickly rejected the government's dangerous argument that NSL recipients had no power to review the constitutionality of the statute. The government had suggested that the court could only review specific problems with specific NSLs, meaning that larger structural problems with the statute would remain untouched. As the court correctly noted, however, the statute specifically allows a court to determine whether an NSL is "unreasonable" or "unlawful" which includes determining whether the statute itself is unconstitutional.</p>
<p>Second, the district court found that the statute impermissibly authorizes the FBI to limit speech without constitutionally-mandated procedural protections. The Supreme Court articulated the scope for such protections in 1965 in <em><a href="http://scholar.google.com/scholar_case?case=5133094020488688451&amp;hl=en&amp;as_sdt=2&amp;as_vis=1&amp;oi=scholarr">Freedman vs. Maryland</a>,</em> a case in which it struck down a Maryland licensing scheme that required films to be submitted to a government ratings board prior to public showings. The problem with the statute wasn't necessarily its substantive reach as it was possible that films could be banned without violating the First Amendment -- if, for example, they met the First Amendment definition of "obscene." Instead, the court was concerned that the procedures for challenging a ban stacked the deck against theater owners. As the <em>Freedman</em> Court said at the time:</p>
<blockquote><p>Because the censor's business is to censor, there inheres the danger that he may well be less responsive than a court -- part of an independent branch of government -- to the constitutionally protected interests in free expression. And if it is made unduly onerous, by reason of delay or otherwise, to seek judicial review, the censor's determination may in practice be final.</p></blockquote>
<p>Accordingly, where speech is conditioned on first obtaining permission from the government, a statute must be designed to ensure that any person who is gagged gets a quick, fair opportunity to challenge that decision. Specifically, the <em>Freedman</em> Court required that:</p>
<ol><li>the burden must fall on the government to go to court to obtain approval for any gag</li>
<li>any pre-review gag must be strictly limited in time, and</li>
<li>the time in which a reviewing court must make its determination must be set to "short fixed period compatible with sound judicial resolution."</li>
</ol><p>The NSL statute plainly fails the <em>Freedman</em> test: the FBI can gag an NSL recipient on its own and without any judicial review, the statute does not force the government to initiate the review in the event that a recipient objects, and there are no requirements that a challenge be promptly heard or evaluated. Just as in the <em>Freedman</em> case, the district court here noted that the FBI was inclined to gag NSL recipients and the statute improperly stacked the deck against NSL recipients if they chose to challenge the gag.</p>
<p>Third, the court here also found that the statute must meet and failed to meet the exacting "strict scrutiny" standard required of statutes that restrict speech based on their content. Strict scrutiny requires that the government's gag be "narrowly tailored" to meet its needs, but the court held that even if the government's motivations were sound, it prohibited speech too broadly to meet those goals:</p>
<blockquote><p>The problem … is that the statute does nothing to account for the fact that when no such national security concerns exist, thousands of recipients of NSLs are nonetheless prohibited from speaking out about the mere fact of their receipt of an NSL, rendering the statute impermissibly over broad and not narrowly tailored.</p></blockquote>
<p>The court also noted that the statute was overly broad in that it authorized gags of indefinite length, regardless of any actual specific need over time.</p>
<p>Fourth, the district court found that the statute was not "severable," meaning that Congress designed the NSL tool as a whole and that the powers it granted to the FBI were not intended to function separately if one of the powers was found to be unconstitutional. Because the nondisclosure provision was found to be unconstitutional on its face, the power to compel the disclosure of customer records must also fall. NSL statistics are consistent with this observation: <a href="http://www.justice.gov/oig/testimony/t0909.pdf">97% of all NSLs are delivered with a gag order</a>.</p>
<p>Finally, the district court found that, regardless of other failings, the statute's standard of review violated separation of powers principles by forcing the courts to defer to the FBI's determinations and preventing independent review. It noted that a "[c]ourt can only sustain nondisclosure based on a searching standard of review." While courts do largely defer to the executive branch's judgment in national security matters, the standard in this statute required the court to consider the government's decision "conclusive" and only allowing the court to consider whether it was made in "bad faith." The court rightly noted that real judicial review requires more. </p>
<p>The court did not adopt all of EFF's arguments. Under the Supreme Court's <a href="https://en.wikipedia.org/wiki/Plurality_opinion">plurality</a> holding in <em><a href="http://caselaw.lp.findlaw.com/cgi-bin/getcase.pl?court=us&amp;vol=403&amp;invol=713">New York Times v. United States</a></em> -- the famous "Pentagon Papers" case -- prior restraints in the national security context may only be justified if the disclosure of certain information "will surely result indirect, immediate, and irreparable harm to our Nation or its people," demonstrated by a showing of specific evidence to a court. EFF noted that the NSL statute permits the imposition of gags if the FBI certifies on its own that disclosure "may" result in some unspecified "harm" to a law enforcement investigation, a standard far below that of the Pentagon Papers case. Concluding that the prior restraint imposed by the NSL statute did not amount to a "classic" prior restraint, however, Judge Illston held that such standards would be "extraordinarily rigorous" and "too exacting."</p>
<p>The district court also did not address EFF's argument that the statute granted too much unbounded discretion to the FBI. Even if discretion is properly vested in a government agency to make certain evaluations, that evaluation must be constrained by "narrow, objective, and definite standards" so that the court can evaluate whether an agency like the FBI exceeds its authority. Once again, the NSL statute authorizes the FBI to gag NSL recipients whenever, in its view, a disclosure “may” result in a harm to national security or interfere with a criminal investigation. This language is subjective and sweeping, giving a court no practical ability to evaluate whether the FBI is properly exercising -- or exceeding -- its authority. As the court struck down the nondisclosure provision on other grounds, it did not reach this separate ground.</p>
<p>Finally, Judge Illston also declined to address another critical flaw argued by EFF: that the ability to obtain without court supervision the subscriber records of telecommunications customers -- such as an unidentified Internet poster's identity or a known individual's "calling circle" -- potentially violated the First Amendment rights to anonymous speech and association of subscribers. Without court approval ahead of time, victims of FBI overreach could never be made whole since the privacy rights at stake could never be reconstructed. However, Judge Illston struck down the records provision on severability grounds because of the fatal wound imposed by the unconstitutional gag provision instead of addressing the matter directly. </p>
<p>The <em>In Re National Security Letter</em> order is a major victory, first for EFF's anonymous client who we congratulate for its courage, sense of civic responsibility, and determination to stand up for the privacy rights of its customers. While many people have identified the unfairness and injustice of the NSL statute, exceedingly few demonstrated the courage to stand up and take on the power of the national security apparatus of the United States government. Indeed, as we have <a href="https://www.eff.org/deeplinks/2012/07/eff-challenges-national-security-letter-statute-landmark-lawsuit">previously reported</a>, the government shockingly responded to EFF's challenge by <a href="https://www.eff.org/files/filenode/complaint-redacted.pdf">suing our client</a>, claiming that by "stat[ing] its objection to compliance with the provisions of" the NSL by "exercis[ing] its rights under" the NSL statute to challenge the NSL's legality, EFF's client was "interfer[ing] with the United States' vindication of its sovereign interests in law enforcement, counterintelligence, and protecting national security."</p>
<p>Of course while this decision is a major victory, it is likely also a preliminary one. Because of the stay of the ruling, our client <em>still</em> cannot identify itself and participate more fully in the public debate about NSLs. EFF is gearing up for the likely appeal to the Ninth Circuit Court of Appeals and, possibly, to the Supreme Court. But that shouldn't stop us from taking a moment to celebrate and to remember that over-reaching national security powers can be challenged and challenged successfully.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/cases/re-matter-2011-national-security-letter">In re: National Security Letter 2011 (11-2173)</a></div></div></div>Mon, 18 Mar 2013 19:07:33 +000073555 at https://www.eff.orgLegal AnalysisFree SpeechPrivacyNational Security LettersMatt ZimmermanNational Security Letters Are Unconstitutional, Federal Judge Ruleshttps://www.eff.org/es/press/releases/national-security-letters-are-unconstitutional-federal-judge-rules
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Court Finds NSL Statutes Violate First Amendment and Separation of Powers</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>San Francisco - A federal district court judge in San Francisco has ruled that National Security Letter (NSL) provisions in federal law violate the Constitution. The decision came in a lawsuit challenging a NSL on behalf of an unnamed telecommunications company represented by the Electronic Frontier Foundation (EFF).</p>
<p>In the ruling publicly released today, Judge Susan Illston ordered that the Federal Bureau of Investigation (FBI) stop issuing NSLs and cease enforcing the gag provision in this or any other case. The landmark ruling is stayed for 90 days to allow the government to appeal.</p>
<p>"We are very pleased that the court recognized the fatal constitutional shortcomings of the NSL statute," said EFF Senior Staff Attorney Matt Zimmerman. "The government's gags have truncated the public debate on these controversial surveillance tools. Our client looks forward to the day when it can publicly discuss its experience."</p>
<p><img src="https://www.eff.org/files/nsl_team.jpg" align="middle" width="475px" /></p>
<p><em>EFF's NSL legal team. From left: Mark Rumold, Kurt Opsahl, Cindy Cohn, Matt Zimmerman and Nate Cardozo. </em></p>
<p>The controversial NSL provisions EFF challenged on behalf of the unnamed client allow the FBI to issue administrative letters -- on its own authority and without court approval -- to telecommunications companies demanding information about their customers. The controversial provisions also permit the FBI to permanently gag service providers from revealing anything about the NSLs, including the fact that a demand was made, which prevents providers from notifying either their customers or the public. The limited judicial review provisions essentially write the courts out of the process.</p>
<p>In today's ruling, the court held that the gag order provisions of the statute violate the First Amendment and that the review procedures violate separation of powers. Because those provisions were not separable from the rest of the statute, the court declared the entire statute unconstitutional. In addressing the concerns of the service provider, the court noted: "Petitioner was adamant about its desire to speak publicly about the fact that it received the NSL at issue to further inform the ongoing public debate."</p>
<p>"The First Amendment prevents the government from silencing people and stopping them from criticizing its use of executive surveillance power," said EFF Legal Director Cindy Cohn. "The NSL statute has long been a concern of many Americans, and this small step should help restore balance between liberty and security."</p>
<p>EFF first brought this challenge on behalf of its client in May of 2011.</p>
<p>For the full order:<br /><a href="https://www.eff.org/document/nsl-ruling-march-14-2013">https://www.eff.org/document/nsl-ruling-march-14-2013</a></p>
<p>For more on this case:<br /><a href="https://www.eff.org/cases/re-matter-2011-national-security-letter">https://www.eff.org/cases/re-matter-2011-national-security-letter</a></p>
<p>Contacts:</p>
<p>Matt Zimmerman<br />
Senior Staff Attorney<br />
Electronic Frontier Foundation<br />
mattz@eff.org</p>
<p>Cindy Cohn<br />
Legal Director<br />
Electronic Frontier Foundation<br />
cindy@eff.org</p>
<p>Kurt Opsahl<br />
Senior Staff Attorney<br />
Electronic Frontier Foundation<br />
kurt@eff.org</p>
</div></div></div>Fri, 15 Mar 2013 21:27:24 +000073526 at https://www.eff.orgRebecca JeschkeProponents of Canada’s Online Spying Bill Still Trying to Justify Excessive Powershttps://www.eff.org/es/deeplinks/2012/07/proponents-canada-online-spying-bill-still-trying-justify-excessive-powers
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Canada’s online surveillance bill may be <a href="https://www.eff.org/deeplinks/2012/02/keep-pressure-canadian-online-surveillance-bill-pause-fight-continues">on hold</a> for now, but a recent <a href="http://www.cbc.ca/news/canada/story/2012/07/13/pol-cp-csis-online-surveillance-fadden.html">news article</a> confirms that a rather formidable figure has been angling for its return: Richard Fadden, head of the Canadian equivalent of the FBI. Fadden, director of the Canadian Security Intelligence Service (CSIS), wrote in a letter that the highly contentious Bill C-30 was “vital” to protecting national security. The letter was sent to Public Safety Minister Vic Toews, the driver behind Bill C-30, in late February. It was released to the Canadian Press in response to a request filed under the Access to Information Act.</p>
<p>As EFF <a href="https://www.eff.org/deeplinks/2012/02/keep-pressure-canadian-online-surveillance-bill-pause-fight-continues">has noted before</a>, Bill C-30 would introduce new police powers allowing Canadian authorities easy access to individuals’ online activities, including the power to force Internet companies to hand over private customer data without a warrant. It would also pave the way for gag orders preventing online service providers from notifying subscribers that their private data has been disclosed — a move that would make it impossible for users to seek legal recourse for privacy violations.</p>
<p>Similar gag orders are frequently imposed in the United States, when the FBI issues national security letters (NSLs) seeking customer information. In a <a href="https://www.eff.org/deeplinks/2012/07/eff-challenges-national-security-letter-statute-landmark-lawsuit">case EFF has taken on</a> to <a href="http://online.wsj.com/article/SB10001424052702303567704577519213906388708.html">challenge</a> an NSL statute on behalf of a telecommunications company that received one of these secret letters in 2011, fundamental due process and First Amendment issues arising from these gag order provisions are a central concern.</p>
<p>Toews, the bill’s proponent, has made some outrageous claims about Bill C-30. Early on, he stated that opponents of the bill were either with him, "or with the child pornographers,” an apparent attempt to paint the legislation merely as a tool to combat online predators. Yet this framing of the issue was roundly rejected by stakeholders – as EFF <a href="https://www.eff.org/deeplinks/2012/02/keep-pressure-canadian-online-surveillance-bill-pause-fight-continues">reported</a> back in February, internal documents reveal that even the government’s own analysts have claimed the powers in question were<a href="http://www.canada.com/news/Tories+stand+firm+online+spying+legislation/6146676/story.html%23ixzz1nGGdteUW"> actually needed for non-criminal investigations</a>.</p>
<p>Indeed, the legislation met with broad criticism across the board. <a href="http://www.cippic.ca/sites/default/files/20110809-LT_Harper-Re_LawfulAccess-FINAL.pdf">Privacy Experts</a>, <a href="http://unlawfulaccess.net/">academics</a>, all of <a href="http://www.priv.gc.ca/media/nr-c/2011/let_110309_e.cfm">Canada’s Privacy Commissioners</a> (and specifically the <a href="http://www.priv.gc.ca/media/nr-c/2011/let_111027_e.asp">Federal</a>, <a href="http://www.realprivacy.ca/media/2012-04-04-Letter-to-Minister-Toews-re-Bill-C-30.pdf">Ontario</a> and <a href="http://www.oipc.bc.ca/pdfs/public/Bill_C-30_LettertoSECUCommittee%2827Feb2012%29.pdf">British Columbia</a> Commissioners), <a href="http://www.edmontonjournal.com/news/Privacy+costs+vital+variables+federal+anti+child+porn/6178989/story.html">telecommunications companies</a>, major <a href="http://www.nationalpost.com/opinion/licence+snoop/6148203/story.html">Canadian newspapers</a>, all opposition <a href="http://openmedia.ca/news/liberals-join-8-out-10-canadians-standing-against-government%E2%80%99s-warrantless-online-spying-bills">political parties</a>, the <a href="https://www.eff.org/deeplinks/2012/02/keep-pressure-canadian-online-surveillance-bill-pause-fight-continues">Internet community</a>, and more than <a href="http://openmedia.ca/stand">145,000 Canadians</a> who signed an OpenMedia.ca petition spoke out against the legislation because they understood that it represented an unwarranted invasion of Canadians’ online privacy. The message seemed to get through: The legislation was ultimately placed temporarily on hold in the wake of the public outcry.</p>
<p>In spite of this, Fadden made it clear in his letter that he’s eager to see the bill return to Parliament. He offered to help draft revisions to the legislation to strengthen accountability measures, and stated that his agency is available “to support this process through all legislative stages.”</p>
<p>This did not come as a great surprise to Canadian privacy advocates. “CSIS has been a strong (but silent) supporter of the legislation for quite some time,” said Tamir Israel, of the <a href="http://www.cippic.ca/en/privacy">Canadian Internet Policy and Public Interest Clinic</a> (CIPPIC). “Unfortunately, [Fadden’s] statement … offers little that will make this legislation palatable to Canadians. CSIS already has very broad surveillance powers and they have yet to make the case that these new powers are, in fact, necessary for them to continue to do their job.”</p>
<p class="Default">Fadden’s focus on strengthening accountability fails to address the endemic problems in Bill C-30. British Columbia Privacy Commissioner Elizabeth Denham <a href="http://www.oipc.bc.ca/pdfs/public/Bill_C-30_LettertoSECUCommittee%2827Feb2012%29.pdf">hit on the inherent problems with this approach</a> in her assessment of prior government attempts to fix Bill C-30 by introducing stronger accountability:</p>
<blockquote><p><i>I appreciate these changes attempt to improve the legislation. However, they remain premised on, and leave unaltered, the Bill’s fundamental flaw; that law enforcement can obtain an array of personal information about citizens, including real names, home addresses, unlisted numbers, email addresses and IP addresses from Internet service providers, without a warrant.</i></p></blockquote>
<p>The Ontario Privacy Commissioner has also issued a detailed outline of what <a href="http://www.realprivacy.ca/media/2012-04-04-Letter-to-Minister-Toews-re-Bill-C-30.pdf">it would take to fix Bill C-30</a>. And Denham’s perspective is shared by a broad cross-section of Canadians.</p>
<p>“If there's one lesson Toews should have learned from the huge public outcry via the over 145,000+ who have spoken out through the StopSpying.ca petition and social media, it is that the government needs to make an effort to consult Canadians on issues relating to online privacy,” said Steve Anderson of OpenMedia.ca. “Canadians know this online spying bill will provide a range of authorities with the private information of any Canadian, at anytime, without a warrant. The fact is Vic Toews’ online spying plan is invasive, costly and poorly thought out.”</p>
<p>More recently, Toews claimed that Bill C-30 would have helped law enforcement apprehend accused killer Luka Magnotta, who has been charged in the gruesome murder of a Chinese university student. But Dr. Michael Geist, an expert in Internet and E-Commerce law and law professor at the University of Ottawa, immediately debunked this assertion:</p>
<p>“There is simply no question that law enforcement can obtain the necessary warrant on customer name and address information (if an ISP refused as part of an investigation) and police have presumably obtained warrants for far more detailed information. Moreover, the surveillance capabilities at ISPs mandated by C-30 - which focus on real-time surveillance - appear completely irrelevant given that Magnotta fled to France. In fact, <a href="http://www.thedailybeast.com/articles/2012/06/04/canada-s-cannibal-killer-early-reports-warned-about-luka-magnotta.html">reports</a> indicate that there were early warnings about Magnotta and the video openly available that were dismissed by police.”</p>
<p>For his part, Israel characterized Toews’ statements as “more posturing from the Ministry of Justice and more crude attempts to leverage inflammatory issues in order to justify unnecessary and excessive powers.”</p>
<p>EFF continues to stand with Canadian privacy advocates who remain wary of Bill C-30’s return. We will continue to keep an eye on this legislation, which may be revisited once Parliament is back in session this coming fall.</p>
<p> </p>
<p> </p>
</div></div></div>Sat, 21 Jul 2012 01:01:40 +000071279 at https://www.eff.orgNews UpdateInternationalInternational Privacy StandardsPrivacyNational Security LettersRebecca BoweEFF Challenges National Security Letter Statute in Landmark Lawsuithttps://www.eff.org/es/deeplinks/2012/07/eff-challenges-national-security-letter-statute-landmark-lawsuit
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Since the first national security letter statute was passed in 1986, the FBI has issued hundreds of thousands of such letters seeking private telecommunications and financial records of Americans without any prior approval from courts. Indeed, for the period between 2003 and 2006 alone, <a href="http://www.usdoj.gov/oig/special/s0803b/final.pdf">almost 200,000 requests for private customer information were sought pursuant to various NSL statutes</a>. Prior to 2011, the constitutionality of this legal authority to investigate the records of Americans without court oversight had been challenged in court -- as far as we know -- exactly one <a href="http://en.wikipedia.org/wiki/National_security_letter#Doe_v._Ashcroft">time</a>. EFF is today releasing FBI-redacted briefing from a <a href="https://www.eff.org/cases/re-matter-2011-national-security-letter">major new ongoing case</a> in which it is challenging one of the NSL statutes on behalf of a telecommunications company that received an NSL in 2011. Not only does this briefing show that the Department of Justice continues to strongly protect the FBI's NSL authority, it highlights a startlingly aggressive new tactic used by the Department of Justice: <a href="https://www.eff.org/node/71216">suing NSL recipients</a> who challenge the FBI's authority, arguing that court challenges to such authority themselves amount to breaking the law.</p>
<p>National security letter statutes -- <a href="http://www.fas.org/sgp/crs/intel/RL33320.pdf">five in all</a> -- are controversial laws that allow the FBI to easily bypass courts and issue administrative letters on their own authority to telecommunications companies and financial institutions demanding information about their customers. The NSL statutes permit the FBI to permanently gag service providers from revealing the fact that the demand was made, preventing them from notifying either their customers or the public. While the statute has many deficiencies, one of the core constitutional issues (already recognized by <a href="http://caselaw.findlaw.com/us-2nd-circuit/1050457.html">one federal appeals court</a>) is that it turns the First Amendment's procedural prior restraint doctrine on its head by allowing the FBI to issue a never-ending prior restraint on its own, then requiring the recipient service provider to undertake a legal challenge. Another fundamental problem with the NSL statutes is that courts are all but written out of any part of the process: the FBI can issue demands for records and gag provisions without court authorization, and recipient telecommunications and financial companies have no way to determine whether and how the government might be overreaching or otherwise abusing its authority. Not surprisingly, given these significant structural barriers, legal challenges are extraordinarily rare.</p>
<p>EFF <a href="https://www.eff.org/node/71206">brought its challenge</a> on behalf of its client in May of 2011, raising these and other fundamental due process and First Amendment concerns about the structure of these problematic statutes. In response, the Department of Justice <a href="https://www.eff.org/node/71216">promptly filed a civil complaint</a> against the recipient, alleging that by "stat[ing] its objection to compliance with the provisions of" the NSL by "exercis[ing] its rights under" the NSL statute to challenge the NSL's legality, the recipient was "interfer[ing] with the United States' vindication of its sovereign interests in law enforcement, counterintelligence, and protecting national security." While it ultimately agreed to a stay, temporarily suspending its suit against the recipient, the government has moved to compel disclosure of the subscriber information and to uphold the gag. The petition to set aside the NSL is currently pending before the United States District Court for the Northern District of California. Whether the recipient will be permitted to speak out about its specific experiences -- and whether the FBI will be permitted to issue NSLs, at least in one district -- should soon be known.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/cases/re-matter-2011-national-security-letter">In re: National Security Letter 2011 (11-2173)</a></div></div></div>Wed, 18 Jul 2012 02:51:41 +000071251 at https://www.eff.orgAnnouncementPrivacyNational Security LettersMatt ZimmermanTen Years After the Patriot Act, a Look at Three of the Most Dangerous Provisions Affecting Ordinary Americanshttps://www.eff.org/es/deeplinks/2011/10/ten-years-later-look-three-scariest-provisions-usa-patriot-act
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span face="Cambria" size="3"><a href="http://www.pbs.org/newshour/updates/terrorism/july-dec01/bush_terrorismbill.html">Ten years ago today</a>, in the name of protecting national security and guarding against terrorism, President George W. Bush signed into law some of the most sweeping changes to search and surveillance law in modern American history. Unfortunately known as the USA PATRIOT Act, many of its provisions incorporate decidedly <i>un</i>patriotic principles barred by the First and Fourth Amendments of the Constitution. Provisions of the PATRIOT Act have been used to target innocent Americans and are widely used in investigations that have nothing to do with national security.</span></p>
<p><span face="Cambria" size="3">Much of the PATRIOT Act was a wish list of changes to surveillance law that <a href="http://www.washingtonpost.com/wp-dyn/content/article/2006/05/09/AR2006050900961_4.html">Congress had previously rejected</a> because of civil liberties concerns. When reintroduced as the PATRIOT Act after September 11<sup>th</sup>, those changes -- and others -- passed with only limited congressional debate. </span></p>
<p><span face="Cambria" size="3">Just what sort of powers does the PATRIOT Act grant law enforcement when it comes to surveillance and sidestepping due process? Here are three provisions of the PATRIOT Act that were sold to the American public as necessary anti-terrorism measures, but are now used in ways that infringe on ordinary citizens’ rights:</span></p>
<p><b><span face="Cambria" size="3">1. SECTION 215 – “ANY TANGIBLE THING”</span></b></p>
<p><span face="Cambria" size="3">Under this provision, the FBI can obtain secret court orders for business records and other “tangible things” so long as the FBI says that the records are sought "for an authorized investigation . . . to protect against international terrorism or clandestine intelligence activities." The Foreign Intelligence Surveillance Court must issue the order if the FBI so certifies, even when there are no facts to back it up. These “things” can include basically anything—driver’s license records, hotel records, car-rental records, apartment-leasing records, credit card records, books, documents, Internet history, and more. Adding insult to injury, Section 215 orders come with a "gag " prohibiting the recipient from telling anyone, ever, that they received one. </span></p>
<p><span face="Cambria" size="3">As the <a href="https://www.nytimes.com/2011/09/22/us/politics/justice-dept-is-accused-of-misleading-public-on-patriot-act.html?_r=1"><i>New York Times</i> reported</a>, the government may now be using Section 215 orders to obtain “private information about people who have no link to a terrorism or espionage case.” The Justice Department has refused to disclose how they are interpreting the provision, but we do have some indication of how they are using Section 215. While not going into detail, <a href="http://www.wired.com/dangerroom/2011/05/secret-patriot-act/">Senator Mark Udall indicated</a> the FBI believes it to allows them “unfettered” access to innocent Americans’ private data, like “a cellphone company’s phone records” in bulk form. The government’s use of these secret orders is sharply increasing -- from 21 orders in 2009 to 96 orders in 2010, an increase of over 400% -- and according to a brand new report from the <a href="http://www.washingtonpost.com/world/national-security/fbi-going-to-court-more-often-to-get-personal-internet-usage-data/2011/10/25/gIQAM7s2GM_story.html">Washington Post</a>, 80% of those requests are for Internet records. </span></p>
<p><span face="Cambria" size="3">Today, <a href="https://www.eff.org/press/releases/eff-sues-answers-about-patriot-act-laws-10th-anniversary">EFF sued the Justice Department</a> to turn over records related to the government’s secret interpretation and use of <a href="https://w2.eff.org/patriot/sunset/215.php">Section 215</a>, regarding which Senator Ron Wyden, like Senator Udall, has offered ominous warnings: "When the American people find out about how their government has secretly interpreted the Patriot Act,” said Wyden <a href="http://news.yahoo.com/blogs/cutline/york-times-sues-obama-administration-over-patriot-act-203926398.html">on the Senate floor in May</a>, “they are going to be stunned and they are going to be angry.”</span></p>
<p><b><span face="Cambria" size="3">2. NATIONAL SECURITY LETTERS</span></b></p>
<p><span face="Cambria" size="3">Among the most used -- and outright frightening -- provisions in the PATRIOT Act are those that enhanced so-called National Security Letters (NSLs). The FBI can issue NSLs itself, without a court order, and demand a variety of records, from phone records to bank account information to Internet activity. As with 215 orders, recipients are gagged from revealing the orders to anyone. </span></p>
<p><span face="Cambria" size="3">While NSLs existed prior to 2001, they were infrequently used. The PATRIOT Act lowered the standard making it easier for the FBI to use NSLs to obtain the records of innocent people with no direct link to terrorists or spies, and their use skyrocketed. According to the ACLU’s <a href="http://www.aclu.org/pdfs/safefree/patriot_report_20090310.pdf">report on PATRIOT Act abuses</a></span>, there were 8,500 NSLs issued in 2000 but approximately 192,000 issued between 2003-2006. All of these NSL’s led to <i>one </i>terror conviction, and in that case, the <a href="http://www.aclu.org/national-security/surveillance-under-patriot-act">NSL wasn’t even needed</a>.</p>
<p><span face="Cambria" size="3">Not surprisingly, <a href="https://www.eff.org/deeplinks/2007/07/eff-receives-first-set-foia-documents-fbis-misuse-national-security-letter-authori">EFF FOIA requests</a></span> have found abuse of their NSL authority: “mistakes” that led to getting information on the wrong people, ISPs handing over extra or wrong information, and dozens of <a href="https://www.eff.org/flag/07656JDB/070507_nsl03.pdf">“exigent letters”</a> that “circumvented the law and violated FBI guidelines and policies.” EFF has successfully challenged the NSL gag orders <a href="https://www.eff.org/issues/national-security-letters">in multiple cases</a> as unconstitutional under the First Amendment, but the overall scheme still survives to this day.<b></b></p>
<p><b><span face="Cambria" size="3">3. SNEAK AND PEEK WARRANTS</span></b></p>
<p><span face="Cambria" size="3">Section 213 of the PATRIOT Act normalized <a href="https://ssd.eff.org/your-computer/govt/sneak-and-peek">“sneak-and-peek” warrants</a></span>. These allow law enforcement to raid a suspect’s house without notifying the recipient of the seizure for months. These orders usually don't authorize the government to actually seize any property — but that won't stop them from poking around your computers. Again, sneak-and-peek warrants could be used for <i>any</i> investigation, even if the crime was only a misdemeanor.</p>
<p><span face="Cambria" size="3"><a href="http://nymag.com/news/9-11/10th-anniversary/patriot-act/">From 2006-2009</a></span>, sneak-and-peek warrants were used a total of 1,755 times. Only fifteen of those cases—a microscopic 0.8%—involved terrorism. The rest were used in cases involving drugs or fraud.</p>
<p><span face="Cambria" size="3">These uses and abuses of the PATRIOT Act against ordinary Americans are only the tip of the iceberg. EFF has <a href="https://www.eff.org/deeplinks/2011/03/documents-obtained-eff-reveal-fbi-patriot-act">repeatedly documented</a> how federal law enforcement agencies have abused <a href="https://www.eff.org/deeplinks/2011/10/dangers-classifying-news">our nation’s broken secrecy system</a> to hide <a href="https://www.eff.org/deeplinks/2011/01/eff-releases-report-detailing-fbi-intelligence">specific instances</a> of illegal and unconstitutional conduct related to the PATRIOT Act. </span>EFF’s Freedom of Information Act requests <a href="https://www.eff.org/deeplinks/2010/12/fbi-arbitrarily-covers-evidence-misconduct">have painted a picture of</a> “an [FBI] engaged in excessive illegal intelligence gathering.”</p>
<p><span face="Cambria" size="3">After ten years, it’s crystal clear that the “emergency” measure sold as a necessary step in the fight against terrorism is being used routinely to violate the privacy of regular people in non-terrorism cases, threatening the Constitutional rights of every one of us. And after ten years, EFF is even more dedicated to fighting against PATRIOT overreach, both in Congress and the courts. Help us in that fight by <a href="https://supporters.eff.org/join">becoming an EFF member</a></span>, so that we can work together in making the next ten years better for civil liberties than the last.<b></b></p>
<p><span face="Cambria" size="3"> </span></p>
</div></div></div>Wed, 26 Oct 2011 19:23:59 +000067649 at https://www.eff.orgCommentaryTransparencyFree SpeechPrivacyNational Security LettersPATRIOT ActTrevor TimmNewly Released Documents Reveal Defense Department Intelligence Violationshttps://www.eff.org/es/deeplinks/2011/09/newly-released-documents-reveal-defense-department
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>EFF just received documents that reveal additional post-9/11 Defense Department misconduct, including attempts by the Army to investigate participants at a conference on Islamic law at the University of Texas Law School and Army-issued National Security Letters (NSLs) to telecommunications providers in violation of the law.</p>
<p>EFF received these documents in response to a <a href="https://www.eff.org/foia/intelligence-agencies-misconduct">2009 Freedom of Information Act (FOIA) lawsuit</a> that we filed against the DoD and a half-dozen other federal agencies involved in intelligence gathering. In the lawsuit, we demanded the immediate release of reports about potential and actual agency misconduct, and the agencies have since released thousands of heavily-redacted pages, some of which we have discussed <a href="https://www.eff.org/deeplinks/2011/03/documents-obtained-eff-reveal-fbi-patriot-act">here</a>, <a href="https://www.eff.org/deeplinks/2011/01/eff-releases-report-detailing-fbi-intelligence">here</a>, <a href="https://www.eff.org/deeplinks/2010/02/pentagon-discloses-hundreds-reports-possibly">here</a> and <a href="https://www.eff.org/deeplinks/2009/12/intelligence-agencies-release-docs-describing-misc">here</a>.</p>
<p>Now, thanks to a recent Supreme Court case, we have more. In March 2011, after the DoD released most of its records to EFF, the Supreme Court decided an important FOIA case called <i><a href="http://www.law.cornell.edu/supct/html/09-1163.ZS.html">Milner v. Department of Navy</a></i>, 131 S.Ct. 1259 (2011). The case involved one of the exemptions to FOIA, <a href="http://www.law.cornell.edu/uscode/usc_sec_05_00000552----000-.html">5 U.S.C. §552(b)(2)</a>, that allows agencies to withhold information “related solely to the internal personnel rules and practices of an agency.” A <a href="http://openjurist.org/670/f2d/1051/crooker-v-bureau-of-alcohol-tobacco-and-firearms">1981 case</a> from the DC Circuit Court of Appeals interpreted this exemption broadly to cover “predominantly internal” materials whose disclosure would “significantly ris[k] circumvention of agency regulation or statutes,” and since that time agencies, including and especially the DoD, have relied on this broad interpretation of (b)(2) to withhold a ton of important information. In March, the Supreme Court overturned this reading of the exemption and held (b)(2) is limited solely to records relating to employee relations and human resources issues.</p>
<p>The <i>Milner</i> decision is important for our case because the DoD and other agencies withheld a significant amount of information under the broader interpretation of (b)(2). As our case is still in litigation, the agencies are now required to release that previously-withheld information to us (or determine it can be exempted under another section of the FOIA).</p>
<p>The small amount of re-released documents we’ve received so far fills in some of the holes in the picture of the federal government’s post-9/11 intelligence violations, just as it raises more questions. Here’s what the records reveal, with the graphics comparing the first government disclosures with the newly released records (move the slider back and forth to see the different versions):</p>
<h3><b>Army-Issued NSLs</b></h3>
<div id="container1">
<div><img alt="before" src="/files/NSLs-redacted_hl.png" height="340" width="600" /></div>
<div><img alt="after" src="/files/NSLs-not-redacted_hl.png" height="340" width="600" /></div>
</div>
<p>In 2004, an Army Special Agent <a href="https://www.eff.org/files/Army_NSLs.pdf">issued three NSLs</a> (pdf) for customer phone records directly to a communications company. The NSL statute, <a href="http://www.law.cornell.edu/uscode/usc_sec_18_00002709----000-.html">18 U.S.C. §2709</a>, only authorizes the FBI to issue NSLs, and specifically prohibits NSL recipients from telling anyone, including the customer, about the request. As the Army does not have the authority to issue NSLs, this Special Agent clearly violated the law. The Army did not discover the illegal requests until after the Agent received customer records from the communications company. Perhaps the most amazing thing about the story is that, according to the report,</p>
<blockquote><p><i>neither the Army unit nor the FBI Field Offices [with which the Army agent was working] were aware that these requests had to be made by the FBI.</i></p></blockquote>
<p>If we can’t rely on our government employees to know and understand the law, how can we rely on them to apply it appropriately?</p>
<h3><b>Investigation of University of Texas Conference Attendees</b></h3>
<div id="container2">
<div><img alt="before" src="/files/UT_investigation_redacted2_hl.png" height="240" width="600" /></div>
<div><img alt="after" src="/files/UT_Investigation_not_redacted2_hl.png" height="240" width="600" /></div>
</div>
<p>A <a href="https://www.eff.org/files/UT_Investigation.pdf">2004 Army intelligence violation report</a> (pdf) noted that two Army lawyers attended a conference on Islamic law at the University of Texas Law School without disclosing their military affiliation. Some conference participants discovered who they were and challenged why they were there. The Army lawyers, believing that the conference participants had asked “inappropriate questions,” decided to investigate them. Without any investigative authority or jurisdiction (the military’s authority to investigate civilians in the United States is very limited), two Army Special Agents went to UT to ask about three conference attendees. The Army’s internal investigation into the matter concluded that the Special Agents had,</p>
<blockquote><p><i>improperly conducted investigative activity directed against three civilians within the U.S., who were outside Army counterintelligence investigative jurisdiction and failed to refer the matter to the FBI as they were required to do.</i></p></blockquote>
<p>This report confirms once again that the US government has been improperly targeting Muslims in the United States. As we <a href="https://www.eff.org/deeplinks/2009/12/intelligence-agencies-release-docs-describing-misc">reported previously</a>, records we received from the Department of Homeland Security (DHS) noted that in 2008, DHS's Office of Intelligence and Analysis <a href="https://www.eff.org/files/Georgia.pdf">improperly collected intelligence</a> (pdf) about a non-violent Muslim conference in Georgia, including details about conference speakers who were Americans, and in 2007, DHS I&amp;A <a href="https://www.eff.org/files/NationOfIslam.pdf">improperly investigated</a> (pdf) the U.S.-based religious organization the Nation of Islam. And just last week, <a href="http://www.wired.com/dangerroom/2011/09/fbi-muslims-radical/">Wired reported</a> that the FBI "is teaching its counterterrorism agents that “main stream” [sic] American Muslims are likely to be terrorist sympathizers."</p>
<h3><b>Joint FBI/DoD Surveillance Operations</b></h3>
<div id="container3">
<div><img alt="before" src="/files/Joint_FBI_NCIS_redacted_hl.png" height="200" width="600" /></div>
<div><img alt="after" src="/files/Joint_FBI_NCIS_not_redacted_hl.png" height="200" width="600" /></div>
</div>
<p>Finally, <a href="https://www.eff.org/files/DoD_FBI_collaboration.pdf">several pages</a> (pdf) refer to joint missions between the FBI and DoD, including a Joint FBI/National Criminal Investigations Service (NCIS) counterespionage operation in which an NCIS “asset” apparently went undercover into a US organization. This violates a <a href="http://atsdio.defense.gov/documents/52410.html">DoD regulation</a> that severely limits the ability of DoD employees to participate in US organizations’ activities without disclosing “their affiliation with the intelligence component . . . to an appropriate official of the organization.” Based on <a href="https://www.eff.org/deeplinks/2010/02/pentagon-discloses-hundreds-reports-possibly">earlier releases</a>, we already knew that several components of the DoD conducted surveillance on US organizations, including Planned Parenthood and anti-war groups, and we already knew the DoD worked together with the FBI on investigations, so it’s unclear why the DoD felt it was so important originally to redact this information.</p>
<p>The release of these documents shows just how broadly the DoD was applying the (b)(2) FOIA exemption to prevent the public from knowing what went on in post-9/11 America. None of the information above should have been redacted under even the broadest, pre-<i>Milner</i> interpretation of (b)(2), and we can only assume these redactions are representative of how the DoD has applied other FOIA exemptions to its records as well. The DoD and other agencies should proactively release the rest of the records withheld under (b)(2). If they don't, we will address this along with other exemption issues as we move forward with litigation in our FOIA case this fall.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/foia/intelligence-agencies-misconduct-reports">Intelligence Agencies&#039; Misconduct Reports</a></div></div></div>Thu, 22 Sep 2011 18:13:43 +000061523 at https://www.eff.orgTransparencyPrivacyNational Security LettersJennifer LynchEFF Lets the Sunshine Inhttps://www.eff.org/es/deeplinks/2011/03/EFF-Lets-the-Sun-Shine-In
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>This week marks the seventh annual <a href="http://www.sunshineweek.org">Sunshine Week</a>, a national initiative to promote dialogue about the importance of open government and freedom of information. As our little way to celebrate, EFF has recently posted nearly nine thousand pages of government documents to our site. For the majority of these documents, many of which were previously classified, this is the first time these files have been added to the public domain. The documents were all obtained in conjunction with EFF’s <a href="/issues/foia">FOIA Litigation for Accountable Government (FLAG) Project</a>, which aims to expose the government's expanding use of new technologies and to protect civil liberties by increasing government transparency.</p>
<p>The trove of documents include:</p>
<ul><li><b><a href="/foia/intelligence-agencies-misconduct">Intelligence Agencies' Misconduct Reports</a></b>: nearly<a href="https://www.eff.org/fn/directory/8443/421"> 2,500 pages of documents </a> detailing reports of FBI intelligence violations submitted to the Intelligence Oversight Board from 2001 to 2008, which we reported on <a href="/wp/patterns-misconduct-fbi-intelligence-violations">here</a></li>
<li><b><a href="https://www.eff.org/foia/foia-cross-border-electronic-funds-transfers">Cross-Border Electronic Funds Transfers</a></b>: almost <a href="https://www.eff.org/fn/directory/12519/424">1,500 pages of documents</a> related to the Financial Crimes Enforcement Network’s (FinCEN) proposed rule requiring reporting of all cross-border financial transactions, which we blogged about <a href="//www.eff.org/deeplinks/2010/12/sending-money-overseas-holidays-government-wants">here</a></li>
<li><b><a href="/foia/foia-dcs-5000-redwolf">DCS-5000 ("Redwolf")</a></b>: approximately <a href="/fn/directory/12559/429"> 3,500 pages of documents</a> related to the FBI’s latest-generation digital collection system, the DCS-5000, codenamed "Redwolf"</li>
<li><b><a href="https://www.eff.org/foia/talon-reporting">TALON Reporting</a></b>: almost <a href="https://www.eff.org/fn/directory/12696/432">200 pages of documents</a> related to the Department of Defense's Threat and Local Observation Notice (TALON) reports, including the collection of information on peaceful protesters and domestic advocacy groups</li>
<li><b><a href="https://www.eff.org/foia/net-neutrality-lobbying">Net Neutrality Lobbying</a></b>: <a href="/foia/net-neutrality-lobbying">50 pages of documents</a> related to records of meetings or discussions between FCC officials and representatives of telecommunications, cable, and Internet companies and organizations concerning potential net neutrality regulations</li>
<li><b><a href="https://www.eff.org/foia/foia-printer-dots">Printer Dots</a></b>: almost <a href="https://www.eff.org/fn/directory/12564/430">700 pages of documents</a> related to federal government agencies' use of "printer dots" -- tracking codes embedded in pages printed from certain printers</li>
</ul><p>EFF also posted supplemental responses to three other FOIA requests concerning <a href="https://www.eff.org/issues/foia/07656JDB">national security letters</a> (<a href="https://www.eff.org/files/filenode/07656JDB/20100506_dodig_nsl.pdf">23 pages</a> (pdf)), <a href="https://www.eff.org/foia/pen-registers">the government's use of pen registers</a> (<a href="/fn/directory/7604/423">185 pages</a>), and <a href="/foia/dhs-passenger-data">international traveler data sharing</a> (<a href="/fn/directory/7821/343">219 pages</a>).</p>
<p>"A democracy," it has been said, "cannot function unless the people are permitted to know what their government is up to." And that's exactly why we do what we do: the FLAG Project's goal is to make our democracy stronger by exposing and challenging threats to our civil liberties in a networked world. But increasing government transparency and accountability isn't something we can do alone. We need your help, too -- whether it's by helping us <a href="/deeplinks/2011/03/eff-seeks-cooperating-foia-reviewers">review FOIA releases</a>, by <a href="/action">taking action</a>, or by <a href="/donate/index.php?s_src=https%3A%2F%2Fwww.eff.org%2Faction&amp;s_subsrc=navbar">supporting our work</a>, our ability to increase transparency is only as strong as <em>our</em> network. So this week, go ahead and join us -- let a little sunshine in.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/foia/talon-reporting">TALON Reporting</a></div><div class="field__item odd"><a href="/es/foia/foia-printer-dots">Printer Dots</a></div><div class="field__item even"><a href="/es/foia/pen-registers">Pen Registers</a></div><div class="field__item odd"><a href="/es/foia/net-neutrality-lobbying">Net Neutrality Lobbying</a></div><div class="field__item even"><a href="/es/issues/foia/07656JDB">National Security Letters (NSLs)</a></div><div class="field__item odd"><a href="/es/foia/intelligence-agencies-misconduct-reports">Intelligence Agencies&#039; Misconduct Reports</a></div><div class="field__item even"><a href="/es/foia/dhs-passenger-data">DHS Passenger Data</a></div><div class="field__item odd"><a href="/es/foia/foia-dcs-5000-redwolf">DCS-5000 &quot;Redwolf&quot;</a></div><div class="field__item even"><a href="/es/foia/foia-cross-border-electronic-funds-transfers">Cross-Border Electronic Funds Transfers</a></div></div></div>Wed, 16 Mar 2011 17:03:58 +000061293 at https://www.eff.orgTransparencyNational Security LettersPATRIOT ActPen TrapPrinter TrackingMark RumoldTell Your Representative to Reject the PATRIOT Act Sneak Attack Before Tomorrow's Vote!https://www.eff.org/es/deeplinks/2011/02/tell-your-representative-reject-patriot-act-sneak-0
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><i>Tell your Congressperson to vote NO on the <a href="http://www.eff.org/issues/patriot-act">USA PATRIOT Act</a> in tomorrow's vote! The PATRIOT reauthorization bill being fast-tracked to the House floor contains NO reforms to the law, and will be voted upon with NO debate and NO opportunity for amendments to add oversight and accountability. Help stop this sneak attack on your civil liberties: there are only hours left to visit our <a href="https://secure.eff.org/site/Advocacy?cmd=homepage&amp;page=UserAction&amp;id=461">Action Center</a> and tell your Representative to vote "NO" on <a href="http://www.govtrack.us/congress/bill.xpd?bill=h112-514">H.R. 514</a>, the PATRIOT extension bill.</i></p>
<p>In late 2009, when PATRIOT reauthorization was originally being considered by Congress, many important PATRIOT reform measures were proposed and debated, and <a href="http://www.eff.org/deeplinks/2009/11/battle-won-not-war-patriot-reform-bill-passes-out-">a bill filled with powerful new checks and balances</a> was reported favorably out of the House Judiciary Committee. But, as Congress ran up against the renewal deadline, it decided that there was not enough time to fully consider those reforms. So, in February 2010, Congress instead <a href="http://www.eff.org/deeplinks/2010/02/epic-fail-congress-usa-patriot-act-renewed-without">extended</a> the "sunsetting" sections of the law until the end of this February, with a promise to fully consider the issues before the next deadline.</p>
<p>But Congress is breaking its promise to consider reforms to the PATRIOT Act. In a legislative sneak attack, the new Republican leadership in the House is trying push Representatives to rubber-stamp another PATRIOT renewal. The House leaders just announced on Friday that they’ll be "suspending the rules" so that a bill introduced by Rep. Sensenbrenner to extend the expiring PATRIOT provisions until December 8, 2011 will go to the House floor for a vote TOMORROW, without any debate and without any opportunity for anyone to offer amendments to improve the bill. </p>
<p>In particular, the bill would renew the following dangerously unchecked PATRIOT powers:</p>
<p>• The government’s power under PATRIOT Section 215 to obtain secret court orders for Internet, phone and business records of people who are not suspected of terrorism or spying;<br />
• The government’s "lone wolf wiretapping" power, allowing it to get court orders authorizing secret foreign intelligence wiretaps against individuals who have no connection to any foreign power or terrorist group; and<br />
• The government’s power to obtain blank-check "roving" wiretap orders that can be used to tap any phone number, email account or other communications facility that the government believes is being used by its target.</p>
<p>These provisions should not be renewed, and certainly not without any debate or any new checks and balances to prevent abuse and protect civil liberties. So please <a href="https://secure.eff.org/site/Advocacy?cmd=homepage&amp;page=UserAction&amp;id=461">act now</a> to tell your Representatives that they should vote NO to the PATRIOT Act in tomorrow's vote! </p>
</div></div></div>Mon, 07 Feb 2011 20:07:27 +000061263 at https://www.eff.orgCall To ActionPATRIOT ActPrivacyNational Security LettersKevin BankstonEFF Uncovers Widespread FBI Intelligence Violationshttps://www.eff.org/es/deeplinks/2011/01/eff-releases-report-detailing-fbi-intelligence
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>EFF has uncovered widespread violations stemming from FBI intelligence investigations from 2001 - 2008. In a <a href="/pages/patterns-misconduct-fbi-intelligence-violations"><b>report released today</b></a>, EFF documents alarming trends in the Bureau’s intelligence investigation practices, suggesting that FBI intelligence investigations have compromised the civil liberties of American citizens far more frequently, and to a greater extent, than was previously assumed.</p>
<p>Using documents obtained through <a href="https://www.eff.org/foia/intelligence-agencies-misconduct">EFF's Freedom of Information Act (FOIA) litigation</a>, the report finds:</p>
<p>• <i>Evidence of delays of 2.5 years, on average, between the occurrence of a violation and its eventual reporting to the Intelligence Oversight Board </i></p>
<p>• <i>Reports of serious misconduct by FBI agents including lying in declarations to courts, using improper evidence to obtain grand jury subpoenas, and accessing password-protected files without a warrant</i></p>
<p>• <i>Indications that the FBI may have committed upwards of 40,000 possible intelligence violations in the 9 years since 9/11</i></p>
<p>EFF's report stems from analysis of nearly 2,500 pages of FBI documents, consisting of reports of FBI intelligence violations made to the <a href="https://secure.wikimedia.org/wikipedia/en/wiki/President%27s_Intelligence_Advisory_Board#Intelligence_Oversight_Board">Intelligence Oversight Board</a> — an independent, civilian intelligence-monitoring board that reports to the President on the legality of foreign and domestic intelligence operations. The documents constitute the most complete picture of post-9/11 FBI intelligence abuses available to the public. Our earlier analysis of the documents showed the <a href="https://www.eff.org/deeplinks/2010/12/fbi-arbitrarily-covers-evidence-misconduct">FBI's arbitrary disclosure practices</a>.</p>
<p>EFF's report underscores the need for greater transparency and oversight in the intelligence community. <a href="https://www.eff.org/issues/foia">As part of our ongoing effort</a> to inform the public and elected officials about abusive intelligence investigations, we are distributing copies of the report to members of Congress.</p>
<p>A pdf copy of the report can be downloaded <a href="https://www.eff.org/files/EFF IOB Report.pdf">here</a>.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/foia/intelligence-agencies-misconduct-reports">Intelligence Agencies&#039; Misconduct Reports</a></div></div></div>Sun, 30 Jan 2011 11:41:24 +000061254 at https://www.eff.orgNews UpdateTransparencyNational Security LettersPATRIOT ActMark RumoldThe FBI Arbitrarily Covers Up Evidence of Misconduct: Is This the Transparency Obama Promised?https://www.eff.org/es/deeplinks/2010/12/fbi-arbitrarily-covers-evidence-misconduct
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>EFF recently received documents in response to one of our Freedom of Information Act (FOIA) requests that demonstrate a disturbing trend: the FBI's arbitrary application of FOIA exemptions to hide, or in some instances, reveal, its unlawful activities.</p>
<p>Through a careful comparison of thousands of pages of documents we received from this FOIA request with the same documents we received from an earlier FOIA request, we found that redactions in many of these duplicated documents were strikingly different. In several cases, the FBI redacted <i>more</i> information in <i>later</i>-produced documents than it did in earlier-produced documents. In other cases, the FBI redacted differing amounts of information when it produced two copies of the same report in response to the same FOIA request. Sometimes the agency blocked out whole paragraphs, while at other times it blocked out only the key words that explain the details of its acts. What is interesting is that the FBI claimed the same FOIA exemptions in each version; it just applied them differently.</p>
<p>The documents at issue are reports submitted by the FBI to the Intelligence Oversight Board (IOB), a body that is charged with overseeing the intelligence community's compliance with the Constitution and intelligence laws. In all, the documents total almost 2500 pages, and we'll discuss the troubling picture they paint of an agency engaged in excessive illegal intelligence gathering in a later post. But first, below, are side-by-side comparisons of four reports and an overview of the information they reveal (move the slider to see the differences). Following that is our analysis of what this means for the public’s access to information about our government.</p>
<h2><b>The Documents</b></h2>
<h3><b>1. FBI IOB Report 2001-69 - NSL for Financial Records</b></h3>
<div id="container1">
<div><img alt="before" width="615" height="454" src="/files/beforeafterimages/NSL_financial1.png" /></div>
<div><img alt="after" width="615" height="454" src="/files/beforeafterimages/NSL_financial2.png" /></div>
</div>
<p>We received two copies of the same report in response to our more recent FOIA request to the FBI. The same exemptions were claimed in both copies of the report but <a href="/files/IOB_FOIA-2001-69-v1.pdf">Version 1</a> is much more heavily redacted than <a href="/files/IOB_FOIA-2001-69-v2.pdf">Version 2</a>.</p>
<p>The report discusses the FBI’s improper collection of bank and credit card records. In Version 1, all important information about the violation (including that it relates to financial records) was withheld. Version 2 reveals most of the details and shows the extent of the FBI’s violation. In this matter, the FBI, as part of an ongoing investigation into international terrorism, sought hotel and financial records on a subject. Although the agent responsible had no legal authority to obtain the financial records, he or she purposefully styled a request to a financial institution as a National Security Letter (NSL) to hide this fact, essentially lying to obtain the bank and credit card information. There is likely no way the financial institution receiving the NSL would have been able to tell the letter was illegal and thus no one would have been able to challenge this violation of the law. And even if the bank found out the NSL was illegal, the “gag order” accompanying all NSLs at the time would have prevented the bank from talking about it publicly.</p>
<h3><b>2. FBI IOB Report 2003-115 — Illegal Use of FISA-Authorized Pen Register</b></h3>
<div id="container2">
<div><img alt="before" width="615" height="338" src="/files/beforeafterimages/Illegal_Pen_Register_1.png" /></div>
<div><img alt="after" width="615" height="338" src="/files/beforeafterimages/Illegal_Pen_Register_2.png" /></div>
</div>
<p>We received <a href="/files/NSL_FOIA-2003-115-v1.pdf">Version 1</a> of the report above in response to our FOIA request from 2007. This version details the FBI’s use of a telephone number collected under a FISA-authorized pen register/trap and trace surveillance to support a federal grand jury subpoena in a criminal investigation. This is problematic because the law clearly precludes the FBI from using a FISA-derived telephone number in a criminal case without the Attorney General’s prior approval. And, it appears from the report that the Bureau did not have the AG’s approval before proceeding with the grand jury subpoena.</p>
<p>The FBI sent us <a href="/files/IOB_FOIA-2003-115-v2.pdf">Version 2</a> of the report this fall in response to our 2008 FOIA. In Version 2, the Bureau has blocked out all important identifying details.</p>
<h3><b>3. FBI IOB Report 2006-305 — NSL for “All Images Uploaded”</b></h3>
<div id="container3">
<div><img alt="before" width="615" height="386" src="/files/beforeafterimages/All_Images_1.png" /></div>
<div><img alt="after" width="615" height="386" src="/files/beforeafterimages/All_Images_2.png" /></div>
</div>
<p>We received <a href="/files/NSL_FOIA-2006-305-v1.pdf">Version 1</a> of the report above in response to our FOIA request from 2007. The FBI sent us <a href="/files/IOB_FOIA-2006-305-v2.pdf">Version 2</a> this fall.</p>
<p>On first glance, the amount of information withheld in Version 2 of this report does not appear as extensive as in the two reports above. Upon closer inspection, however, the FBI has blocked out all details of its illegal activity in Version 2. This IOB report describes the agency’s attempts to use an NSL to obtain not only transactional information (a legal use of an NSL) but also all the images a subject uploaded to his ISP. As the IOB report notes, the FBI is not allowed to use an NSL to get this type of content information. (The three types of information available under an NSL are "Subscriber and Toll Billing Records," "Financial Records," and "Consumer Credit Records.") The other piece of information withheld in Version 2 of this report is the specific section of the Attorney General’s Guidelines on foreign intelligence collection that was violated. It’s unclear why the agency would have felt it necessary to block out this information, as this section of the Guidelines merely describes what information is available pursuant to an NSL (a redacted version of the Guidelines is available <a href="http://www.fas.org/irp/agency/doj/fbi/nsiguidelines.pdf">here</a>).</p>
<h3><b>4. FBI IOB Report 2007-717 — NSL for Educational Records</b></h3>
<div id="container4">
<div><img alt="before" width="615" height="482" src="/files/beforeafterimages/educational_1.png" /></div>
<div><img alt="after" width="615" height="482" src="/files/beforeafterimages/educational_2.png" /></div>
</div>
<p>We received <a href="/files/NSL_FOIA-2007-717-v1.pdf">Version 1</a> of the report above in response to our FOIA request from 2007. This document (which, in its less redacted version, was the subject of an earlier <a href="https://www.eff.org/issues/foia/report-nsl-ncstate">EFF report</a>) details how the FBI tried to use a National Security Letter to obtain educational records on a student at a state university in North Carolina. As we noted in our earlier report, educational records are very clearly not one of the three classes of information available under an NSL. Luckily, the university’s legal counsel recognized this and refused to comply with the NSL.</p>
<p>The FBI sent us <a href="/files/IOB_FOIA-2007-717-v2.pdf">Version 2</a> of the report this fall. Like the third report discussed above, the redactions in this version don’t appear, at first glance, to be extensive. However, when compared with Version 1, it’s clear the FBI has withheld the entire meat of the story.</p>
<h2><b>Analysis</b></h2>
<p>The Freedom of Information Act requires the government to disclose details of its activities to the public. Although certain exemptions within the Act allow agencies to withhold some information (for example where national security or personal privacy is at issue), the presumption is in favor of disclosure. President Obama reiterated this on his first full day of office by <a href="http://www.whitehouse.gov/the_press_office/FreedomofInformationAct/">directing</a>:</p>
<blockquote><p>The Freedom of Information Act should be administered with a clear presumption: In the face of doubt, openness prevails. The Government should not keep information confidential merely because public officials might be embarrassed by disclosure, because errors and failures might be revealed, or because of speculative or abstract fears.</p></blockquote>
<p>Many applauded the President at the time for ushering in a new era of transparency in government. However, our review of these documents finds that not only has the FBI failed to comply with this “presumption of openness,” but in fact in some cases, the amount and type of information withheld under the Obama administration is far greater than the amount of information withheld under the supposedly more “closed” Bush administration.</p>
<p>This certainly isn’t the first time we’ve seen evidence that an arm of the Justice Department has withheld more than it is entitled to under FOIA. We found this in the FBI’s response of one of our earlier FOIA requests and reported on it <a href="https://www.eff.org/pages/sunshine2010">here</a>. More recently, the New York Times <a href="https://www.nytimes.com/2010/11/14/us/14nazis.html">reported</a> on the Justice Department’s attempts to keep from the public eye evidence of its embarrassing role in the US government’s “collaboration with [Nazi] persecutors.”</p>
<p>This trend is problematic because it puts Americans at a distinct disadvantage in obtaining information necessary to be informed about how our government operates. In each of these cases, if we or the Times had not obtained a second version of the document, we likely would not have been able to discover the agency’s cover up. The FOIA exemptions claimed by the agency are difficult to challenge in court, and the agency, by virtue of the fact that it has access to all the text, clearly has the upper hand.</p>
<p>In the recent controversy over the latest WikiLeaks release, <a href="http://online.wsj.com/article/SB10001424052748703989004575653280626335258.html">many have argued</a> that WikiLeaks’ release of unredacted and in some cases classified documents has put the United States at risk. However, the documents WikiLeaks has released have also informed Americans about the actions of our government, both the good and in many cases the bad. These documents tell us what the government is up to, and also fuel an educated public debate about government activities. These are the goals of FOIA, and when the FOIA process works properly (i.e., when agencies do not withhold more information than they are entitled to under the Act and do not drag their feet on releasing records until someone challenges them either through a request or litigation), all Americans benefit. However, when federal agencies arbitrarily withhold information and don’t play by the rules, it makes it more likely that entities like WikiLeaks will feel the need to work around a broken system that seems to encourage unnecessary secrecy.</p>
<p>Federal agencies should not be able to hide their missteps behind white blocks. We plan to bring this to the court’s attention in our lawsuit challenging the FBI and other agencies’ improper withholding of reports submitted to the Intelligence Oversight Board.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/issues/foia/07656JDB">National Security Letters (NSLs)</a></div><div class="field__item odd"><a href="/es/foia/intelligence-agencies-misconduct-reports">Intelligence Agencies&#039; Misconduct Reports</a></div></div></div>Wed, 08 Dec 2010 19:44:28 +000061189 at https://www.eff.orgCommentaryNational Security LettersTransparencyJennifer LynchDOJ Pushing to Expand Warrantless Access to Internet Recordshttps://www.eff.org/es/deeplinks/2010/07/doj-pushing-expand-warrantless-access-internet
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>This morning's Washington Post <a href="http://www.washingtonpost.com/wp-dyn/content/article/2010/07/28/AR2010072806141.html">reveals</a> that the Department Of Justice has been pressuring Congress to expand its power to obtain records of Americans' private Internet activity through the use of <a href="http://www.eff.org/issues/national-security-letters">National Security Letters (NSLs)</a>.</p>
<p>NSLs, you may remember, are one of the most powerful and frightening tools of government surveillance to be expanded by the Patriot Act. These letters allow the FBI to secretly demand data from phone companies and internet service providers about the private communications of ordinary citizens. The letters include a gag order, which forbids recipients from ever revealing the letters' existence to their coworkers, their friends, or even to their family members, much less the public. </p>
<p>The gag order and the lack of oversight make this power ripe for abuse. Indeed, the FBI's systemic abuse of this power was confirmed both by <a href="http://www.washingtonpost.com/wp-dyn/content/article/2008/03/13/AR2008031302277.html">a Department Of Justice investigation</a> and in <a href="http://www.eff.org/issues/foia/07656JDB">documents obtained by EFF</a> through Freedom of Information Act litigation. Yet, in the years since that abuse became publicly known, there has been no reform of the law governing NSLs.</p>
<p>Now, the DOJ is asking Congress to pass vague and broad new language meant to expand the kinds of data that can be acquired through NSLs. This morning's Washington Post article suggests that the new language could allow access to detailed web browsing history, search history, location information, or even Facebook friend requests.</p>
<p>Considering the FBI's dismal record on surveillance abuses, this is a stunning and brazen request. They're asking Congress to reward bad behavior by allowing even more bad behavior. We're hoping that Congress will have the courage and integrity to turn them down. Keep reading Deeplinks for more news on this as it develops.</p>
</div></div></div>Thu, 29 Jul 2010 19:13:30 +000061077 at https://www.eff.orgNews UpdateNational Security LettersTim JonesSunshine Week 2010: FOIA Could Still Shed More Lighthttps://www.eff.org/es/deeplinks/2010/03/sunshine-week-2010
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>As the transparency community celebrates <a href="http://www.sunshineweek.org/">Sunshine Week</a>, we here at EFF are reminded that most of the federal agencies we seek to monitor through our <a href="http://www.eff.org/issues/foia">Freedom of Information Act work</a> continue to cloak their activities in excessive secrecy. We have grown accustomed to receiving agency documents with large amounts of information blacked out — or "redacted" in the official parlance. While we often suspect that many of these deletions are made to conceal innocuous, or perhaps embarrassing, information, it is usually impossible to confirm those suspicions. But in some rare instances, we are able to learn precisely what a recalcitrant agency has improperly withheld from public view.</p>
<p>Such an opportunity recently arose when the Washington Post <a href="http://www.washingtonpost.com/wp-dyn/content/article/2010/01/18/AR2010011803982_pf.html">published</a> a series of internal FBI e-mail messages concerning the Bureau's abuse of <a href="http://en.wikipedia.org/wiki/National_Security_Letter">national security letter</a> (NSL) authority. NSLs are used to obtain, among other things, telephone toll billing records and subscriber information, and electronic communication transactional records. In <a href="http://www.docstoc.com/docs/5791797/A-Review-of-the-Federal-Bureau-of-Investigations-Use">a report</a> issued in March 2007, the Justice Department's Inspector General concluded that the FBI had systematically violated the law by improperly issuing hundreds of NSLs without proper authorization. Within days of the IG's report, EFF submitted a <a href="http://www.eff.org/issues/foia/07656JDB">FOIA request to the FBI</a> for documents detailing these abuses. Of the tens of thousands of pages of material that the Bureau eventually identified as responsive to our request, the vast majority of the relevant information was redacted.</p>
<p>The e-mail messages published by the Washington Post were obtained from an FBI whistleblower who had been directly involved in the Bureau's handling of NSLs. Through a careful comparison of the redacted material originally released to EFF with the <em>unredacted</em> messages recently published by the Washington Post, we were able to see precisely what the Bureau withheld. We were particularly struck by the fact that the FBI redacted all references to a proposal that had been floated within the Bureau to legitimize questionable demands for communications records — so-called "exigent letters" — a plan that the DOJ Inspector General clearly described in his report:</p>
<blockquote><p>Our review of contemporaneous e-mail communications . . . found that for nearly 2 years, beginning in late 2004, [FBI National Security Law Branch] attorneys counseled CAU [Communications Analysis Unit] officials to take a variety of actions, including . . . opening "umbrella" investigations out of which national security letters could be issued in the absence of another pending investigation. . . .</p>
<p>The Assistant General Counsel at first proposed the establishment of six "generic" or "umbrella" investigations representing the recurring types of threats investigated by the Counterterrorism Division. The proposal contemplated that the FBI would issue national security letters from these files in exigent circumstances when there were no other pending investigations to which the request could be tied.</p></blockquote>
<p>As the <a href="http://www.eff.org/pages/sunshine2010">side-by-side comparison of the redacted and full-text e-mail messages</a> shows, the FBI withheld all references to its proposal to use "generic" or "umbrella" investigations as a rationale to justify questionable demands for sensitive information relating to private communications. It is worth noting that the FBI continued to withhold this information even after President Obama and Attorney General Holder announced that a new "presumption of openness" should guide agency FOIA implementation. Despite the Attorney General's assertion that the Justice Department would only defend an agency's decision to withhold information if it could demonstrate a "foreseeable harm" from disclosure, in this instance DOJ attorneys defended the FBI's withholding of information that was revealed by the Department's own Inspector General three years ago.</p>
<p>FOIA is a powerful tool, and this example of over-redaction demonstrates the need to continue seeking a culture of transparency and trust from our government. President Obama took the first step by <a href="http://www.eff.org/deeplinks/2009/01/on-day-one-obama-demands-open-government">declaring</a> that "[a]ll agencies should adopt a presumption in favor of disclosure, in order to renew their commitment to the principles embodied in FOIA, and to usher in a new era of open Government," and organizations like EFF are making sure that the government remembers its promise. But Sunshine Week exists to remind citizens, journalists, members of Congress, and folks both inside and outside the transparency movement to continue seeking honest disclosure using all the tools that exist: rigorous investigations, hearings, and actual, public oversight.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/issues/foia/07656JDB">National Security Letters (NSLs)</a></div></div></div>Mon, 15 Mar 2010 17:07:11 +000060951 at https://www.eff.orgCommentaryTransparencyNational Security LettersDavid Sobel